Speeding APT Attack Confirmation with Attack Discovery, Workflows, and Agent Builder
ID: a802a7c3-1135-5f98-b817-c9e900a4737e
STIX ID: report--a802a7c3-1135-5f98-b817-c9e900a4737e
Feed Name: Elastic Security Labs
Lotus Blossom (state-sponsored) executed a supply-chain compromise of Notepad++ updates that deployed the Chrysalis backdoor — a feature-rich implant using DLL sideloading, reflective loading, API-hashing, and DNS beaconing — and this report demonstrates detection and automated response using Elastic Security's Attack Discovery, Workflows, and Agent Builder to rapidly confirm, triage, and remediate infections.