CyberSecurityBoard
Sponsor Register Login

Elastic EDR Evaded by Advanced Threat Actors: New Techniques Uncovered

Recent investigations reveal that Elastic Endpoint Detection and Response (EDR) solutions have been successfully evaded by sophisticated threat actors using novel attack techniques. This development highlights the evolving landscape of cyber threats and the need for continuous improvement in endpoint security measures. The attackers employed advanced evasion tactics to bypass Elastic's detection capabilities, emphasizing the importance of layered security and proactive threat hunting. Organizations relying on Elastic EDR should reassess their security posture and consider integrating complementary tools to enhance detection and response effectiveness. This article delves into the methods used by attackers, the implications for cybersecurity defenses, and best practices for mitigating such risks. It also underscores the critical role of threat intelligence and real-time monitoring in defending against emerging threats. By understanding these evasion strategies, security teams can better prepare and adapt their defenses to protect critical assets from sophisticated intrusions.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 07 Nov 2025 11:35:11 +0000


Cyber News related to Elastic EDR Evaded by Advanced Threat Actors: New Techniques Uncovered

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
6 months ago Cybersecuritynews.com
Silly EDR Bypasses and Where To Find Them - One of the drawbacks of direct & indirect syscalls is that it's clear from the callstack that you bypassed the EDR's user mode hook. As you can see from the last image, when a call is done through a hooked function the return address for the EDR's ...
2 years ago Malwaretech.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky
Elastic EDR Evaded by Advanced Threat Actors: New Techniques Uncovered - Recent investigations reveal that Elastic Endpoint Detection and Response (EDR) solutions have been successfully evaded by sophisticated threat actors using novel attack techniques. This development highlights the evolving landscape of cyber threats ...
2 months ago Cybersecuritynews.com CVE-2023-12345 CVE-2024-56789 APT29 Lazarus Group
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
9 months ago Cybersecuritynews.com
10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
9 months ago Cybersecuritynews.com
Windows Incident Response: EDRSilencer - Going unnoticed on an endpoint when we believe or feel that EDR is prevalent can be a challenge, and this could be the reason why these discussions have taken hold. If you look at other aspects of EDR and SOC operations, there are plenty of ...
1 year ago Windowsir.blogspot.com Silence
EDR Redir Tool Breaks EDR - The article discusses a newly discovered tool called EDR Redir that effectively bypasses Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating threats on endpoints, but ...
2 months ago Cybersecuritynews.com
An Introduction to Bypassing User Mode EDR Hooks - While cross-referencing notes against old blog posts, I realized that I never actually published the majority of my work on system calls and user mode hooking. System calls are the standard way to transition from user mode to kernel mode. On Windows, ...
2 years ago Malwaretech.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
9 months ago Cybersecuritynews.com
Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections - This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Security experts recommend implementing application control measures, ...
5 months ago Cybersecuritynews.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
2 years ago Feeds.fortinet.com CVE-2023-42793 APT29
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection - To effectively counter these threats, organizations must integrate Digital Forensics, Extended Detection and Response (XDR), and Endpoint Detection and Response (EDR) into a unified security framework. It involves two main components: digital ...
8 months ago Cybersecuritynews.com
Singularity Linux Rootkit Evades Elastic EDR - A new sophisticated Linux rootkit named Singularity has been discovered, capable of evading detection by Elastic Endpoint Detection and Response (EDR) solutions. This rootkit employs advanced stealth techniques to maintain persistence and conceal its ...
2 months ago Cybersecuritynews.com
EDR Freeze Tool: How Attackers Bypass Endpoint Detection and Response Systems - The article discusses the emergence of the EDR Freeze Tool, a sophisticated method used by cyber attackers to bypass Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating ...
3 months ago Cybersecuritynews.com
New "Bring Your Own Installer" EDR bypass used in ransomware attack - A new "Bring Your Own Installer" EDR bypass technique is exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. ...
8 months ago Bleepingcomputer.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
Automating Threat Intelligence Enrichment In Your SIEM With MISP - In conclusion, automating threat intelligence enrichment between MISP and your SIEM using Python is a transformative step for any security operations center. This article explores how to architect, implement, and operationalize automated threat ...
8 months ago Cybersecuritynews.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
1 year ago Microsoft.com
Windows Incident Response: Round Up - MSSQL is still a thingTheDFIRReport recently posted an article regarding BlueSky ransomware being deployed following MSSQL being brute forced. I'm always interested in things like this because it's possible that the author will provide clear ...
2 years ago Windowsir.blogspot.com
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 APT28
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
Linux Rootkit Evades Elastic EDR Detection - A newly discovered Linux rootkit has demonstrated the ability to evade detection by Elastic Endpoint Detection and Response (EDR) solutions, raising significant concerns for cybersecurity professionals. This rootkit employs advanced stealth ...
2 months ago Cybersecuritynews.com
Kaspersky Unveils New Flagship Product Line for Business, Kaspersky Next - PRESS RELEASE. Woburn, MA - April 16, 2024 - Today Kaspersky introduced its new flagship product line, Kaspersky Next, combining robust endpoint protection with the transparency and speed of EDR, alongside the visibility and powerful tools of XDR. ...
1 year ago Darkreading.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)