• Russian hackers target HR

    From Mike Powell@1:2320/107 to All on Wed Mar 11 09:54:01 2026
    Russian hackers target HR departments with vicious new 'BlackSanta' malware

    Date:
    Wed, 11 Mar 2026 12:05:00 +0000

    Description:
    The malware is described as an 'EDR killer', stopping security solutions and suppressing notifications.

    FULL STORY
    Russian hackers target HR departments with BlackSanta malware
    Infection chain uses phishing emails and malicious ISO files
    BlackSanta disables EDR tools to enable deeper compromise

    Russian hackers have been targeting Human Resources
    (HR) departments at various organizations around the world with a
    never-before seen piece of malware called BlackSanta.

    The campaign was spotted by cybersecurity researchers Aryaka, who said the attacks have been going on for at least a year, and include a rather sophisticated infection chain. It most likely starts with a phishing email pretending to share resumes for potential employees, including a link to a Dropbox folder holding an ISO image. These files are clones of optical discs and were rather popular in the early 2000s until thumb drives became more affordable. These days, however, they can be seen as a major red flag since they are rarely used outside of scams.

    EDR killer

    Still, those who don't spot the ruse, download the ISO and extract it, will get multiple files, including a shortcut file and a PowerShell script. The script downloads a malicious DLL file and a legitimate PDF reader, which is used to side-load the DLL.

    The DLL first scans the system to see if it's running in a sandbox environment or a virtual machine. If it deems the machine worthy of further infection, it downloads additional payloads, among which is BlackSanta.
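    The drop-and-side-load step above leaves a recognisable pattern in endpoint telemetry: a script interpreter writes an executable and a DLL into a user-writable folder, and the signed executable then loads the unsigned DLL from its own directory. The detection below is an added example written from the defender's side, not code from the article or from Aryaka's research; the Sysmon-style event records, file paths and the `Signed` field are constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Directories an ordinary user can write to; a signed PDF reader running
# from one of these is already unusual (assumed list, extend per estate).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed Sysmon-style records, one JSON object per line:
# EventID 11 = FileCreate, EventID 7 = ImageLoad. Not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\Users\\hr\\AppData\\Local\\Temp\\reader.exe"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\Users\\hr\\AppData\\Local\\Temp\\helper.dll"}
{"EventID": 7, "Image": "C:\\Users\\hr\\AppData\\Local\\Temp\\reader.exe", "ImageLoaded": "C:\\Users\\hr\\AppData\\Local\\Temp\\helper.dll", "Signed": "false"}
{"EventID": 7, "Image": "C:\\Users\\hr\\AppData\\Local\\Temp\\reader.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true"}
{"EventID": 7, "Image": "C:\\Program Files\\Reader\\reader.exe", "ImageLoaded": "C:\\Program Files\\Reader\\helper.dll", "Signed": "true"}
"""


def parse_events(text):
    """Parse newline-delimited JSON event records into dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def same_directory(a, b):
    # PureWindowsPath compares case-insensitively, as NTFS does.
    return PureWindowsPath(a).parent == PureWindowsPath(b).parent


def find_sideloads(events):
    """Flag an unsigned DLL loaded from the host EXE's own user-writable
    directory, and name the process that dropped either file if a
    FileCreate event recorded it (the correlation that separates a
    staged side-load from a stray unsigned plugin)."""
    created_by = {e["TargetFilename"].lower(): e["Image"]
                  for e in events if e["EventID"] == 11}
    alerts = []
    for e in events:
        if e["EventID"] != 7 or e.get("Signed", "false").lower() == "true":
            continue
        host, dll = e["Image"], e["ImageLoaded"]
        if not same_directory(host, dll):
            continue
        if not any(marker in dll.lower() for marker in USER_WRITABLE):
            continue
        alerts.append({"host": host, "dll": dll,
                       "dropper": created_by.get(dll.lower()) or created_by.get(host.lower())})
    return alerts


if __name__ == "__main__":
    for alert in find_sideloads(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(alert, indent=2))
```

    Only the Temp-folder load fires; the signed load from Program Files and the System32 DLL do not, and the alert carries the dropping interpreter so an analyst can pivot to its command line and parent.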

    This piece of malware is described as an EDR killer - meaning it terminates endpoint detection and response tools before allowing further payloads to be deployed.

    It is also capable of different things, depending on the type of EDR solution found on the target device. For example, it can suppress Windows
    notifications to continue running even as the OS tries to alert the user
    about the ongoing attack.

    Aryaka says the attackers were spotted in the wild, but did not say how many organizations were attacked, or how many actually fell victim. It also did not discuss the identity of the attackers, but judging by the MO, it doesn't seem to be any of the more popular, state-sponsored groups.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-hackers-target-hr-departments-with-vicious-new-blacksanta-malware

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/107)