An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits likeΒ Cobalt Strike,Β Sliver, andΒ Brute Ratel.
Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilizedΒ Havoc.
"While C2 frameworks are prolific, the
Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities.
The findings come from AhnLab Security Emergency response Center (ASEC), which discovered that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads.
"