CyberSecurityBoard
Sponsor Register Login

Threat Actor Installed EDR on Their Systems to Evade Detection

In a recent cybersecurity incident, a sophisticated threat actor installed Endpoint Detection and Response (EDR) software on their own systems. This unusual tactic was employed to evade detection and maintain persistence within targeted networks. By deploying EDR tools, the attacker could monitor security alerts and adjust their activities to avoid triggering alarms, effectively turning defensive technology into a tool for stealth. This method highlights the evolving complexity of cyber threats and the need for advanced detection strategies that go beyond traditional endpoint security. Organizations must enhance their threat hunting capabilities and adopt behavioral analytics to identify such deceptive tactics. The incident underscores the importance of continuous monitoring and the integration of threat intelligence to anticipate and counteract adversary maneuvers. Cybersecurity teams should also focus on securing their EDR deployments to prevent misuse by attackers. This case serves as a critical reminder that attackers are becoming more innovative, leveraging security tools against defenders, and that proactive, layered defense mechanisms are essential to protect digital assets.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 10 Sep 2025 15:10:24 +0000


Cyber News related to Threat Actor Installed EDR on Their Systems to Evade Detection

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
Silly EDR Bypasses and Where To Find Them - One of the drawbacks of direct & indirect syscalls is that it's clear from the callstack that you bypassed the EDR's user mode hook. As you can see from the last image, when a call is done through a hooked function the return address for the EDR's ...
1 year ago Malwaretech.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
6 months ago Cybersecuritynews.com
10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
6 months ago Cybersecuritynews.com
Windows Incident Response: EDRSilencer - Going unnoticed on an endpoint when we believe or feel that EDR is prevalent can be a challenge, and this could be the reason why these discussions have taken hold. If you look at other aspects of EDR and SOC operations, there are plenty of ...
1 year ago Windowsir.blogspot.com Silence
Windows Incident Response: Human Behavior In Digital Forensics, pt III - Digital forensics can provide us insight into a threat actor's sophistication and situational awareness, which can, in turn, help us understand their intent. Observing the threat actor's actions helps us understand not just their intent, but what ...
1 year ago Windowsir.blogspot.com
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection - To effectively counter these threats, organizations must integrate Digital Forensics, Extended Detection and Response (XDR), and Endpoint Detection and Response (EDR) into a unified security framework. It involves two main components: digital ...
5 months ago Cybersecuritynews.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
6 months ago Cybersecuritynews.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29
How To Use YARA Rules To Identify Financial Sector Targeted Attacks - By analyzing multiple samples from the same malware family, security teams can create YARA rules that identify various iterations of the threat, even as attackers attempt to modify their code to evade detection. By scanning network traffic for ...
5 months ago Cybersecuritynews.com Hunters
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - By analyzing tools, logs and artifacts left open to the internet, we were able to profile the threat actor and their victims. After analyzing the artifacts we can conclude with moderate confidence that the majority of the threat actor activity ...
1 year ago Thedfirreport.com
Best MDR (Managed Detection & Response) Solutions - 2025 - Cybereason Managed Detection and Response solutions provide 24/7 threat monitoring, advanced endpoint protection, and rapid incident response. Cynet MDR solutions provide automated threat detection and response, ensuring comprehensive security ...
6 months ago Cybersecuritynews.com
Improving Threat Detection: The Role Of MDR And XDR In Your Security Operations - MDR and XDR represent the next generation of threat detection and response, addressing the limitations of traditional security tools and enabling organizations to stay ahead of sophisticated adversaries. For organizations just beginning to mature ...
5 months ago Cybersecuritynews.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
1 year ago Thedfirreport.com Trigona
Windows Incident Response: Round Up - MSSQL is still a thingTheDFIRReport recently posted an article regarding BlueSky ransomware being deployed following MSSQL being brute forced. I'm always interested in things like this because it's possible that the author will provide clear ...
1 year ago Windowsir.blogspot.com
EDR Freeze Tool: How Attackers Bypass Endpoint Detection and Response Systems - The article discusses the emergence of the EDR Freeze Tool, a sophisticated method used by cyber attackers to bypass Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating ...
2 weeks ago Cybersecuritynews.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
1 year ago Unit42.paloaltonetworks.com
Threat Actor Installed EDR on Their Systems to Evade Detection - In a recent cybersecurity incident, a sophisticated threat actor installed Endpoint Detection and Response (EDR) software on their own systems. This unusual tactic was employed to evade detection and maintain persistence within targeted networks. By ...
4 weeks ago Cybersecuritynews.com
An Introduction to Bypassing User Mode EDR Hooks - While cross-referencing notes against old blog posts, I realized that I never actually published the majority of my work on system calls and user mode hooking. System calls are the standard way to transition from user mode to kernel mode. On Windows, ...
1 year ago Malwaretech.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
Windows Incident Response: Human Behavior In Digital Forensics, pt II - Targeted Threat ActorI was working a targeted threat actor response, and while we were continuing to collect information for scoping, so we could move to containment, we found that on one day, from one endpoint, the threat actor pushed their RAT ...
1 year ago Windowsir.blogspot.com
Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections - This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Security experts recommend implementing application control measures, ...
2 months ago Cybersecuritynews.com
PRODUCT REVIEW: ENEA QOSMOS THREAT DETECTION SDK - The Qosmos Threat Detection Software Development Kit is Enea's innovative solution to the demand for more robust, adaptable, and high-performance network threat detection platforms. ADVANCED THREAT DETECTION WITH SUPERIOR TRAFFIC VISIBILITY. ...
1 year ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)