Category
Activity group
1 November 2023
Elastic catches DPRK passing out KANDYKORN
Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware.
![The DPRK strikes using a new variant of RUSTBUCKET](/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2FDPRK-strikes-using-a-new-variant-of-rustbucket%2Fphoto-edited-12%402x.jpg&w=828&q=75)
The DPRK strikes using a new variant of RUSTBUCKET
Watch out! We’ve recently discovered a variant of RUSTBUCKET. Read this article to understand the new capabilities we’ve observed, as well as how to identify it in your own network.
![Exploring the QBOT Attack Pattern](/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fexploring-the-qbot-attack-pattern%2Fblog-security-endpoint-720x420.png&w=828&q=75)
Exploring the QBOT Attack Pattern
In this research publication, we'll explore our analysis of the QBOT attack pattern — a full-featured and prolific malware family.
![Playing defense against Gamaredon Group](/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fplaying-defense-against-gamaredon-group%2Fblog-thumb-digital-shield.jpg&w=828&q=75)
Playing defense against Gamaredon Group
Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.
![Okta and LAPSUS$: What you need to know](/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fokta-and-lapsus-what-you-need-to-know%2Fblog-security-detection-720x420.png&w=828&q=75)
Okta and LAPSUS$: What you need to know
The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic.