In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment, with insights on how evasion occurs within impacted systems.
The Elastic Security Research Team released a detailed report outlining technical details regarding the BLISTER launcher, a sophisticated malware campaign.
In this post, we detail a series of tactics for hunting with new data types and fields within Elastic and how to leverage Elastic Security to its fullest potential.
This post provides executive-level details about CVE-2022-22965, a recently disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.
The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic.
Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector. Learn more.
Elastic Security verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.
Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER
Elastic Security verified a data wiper malware campaign that is targeting Ukrainian systems. As this campaign is new and we are learning something new every hour, it is being referred to as HERMETICWIPER.
The Elastic Security Research team has identified new detection strategies to overcome the bypass methodologies used by adversaries to silently deploy malware onto an endpoint and elevate privileges without the end-user knowing.