BBS:      TELESC.NET.BR
Subject:  Russian hackers target HR
From:     Mike Powell
Date:     Wed, 11 Mar 2026 09:54:01 -0500
-----------------------------------------------------------
Russian hackers target HR departments with vicious new 'BlackSanta' malware

Date:
Wed, 11 Mar 2026 12:05:00 +0000

Description:
The malware is described as an 'EDR killer', stopping security solutions and
suppressing notifications.

FULL STORY
Russian hackers target HR departments with BlackSanta malware
Infection chain uses phishing emails and malicious ISO files
BlackSanta disables EDR tools to enable deeper compromise

Russian hackers have been targeting Human Resources (HR) departments at
organizations around the world with a never-before-seen piece of malware
called BlackSanta.

The campaign was spotted by cybersecurity researchers at Aryaka, who said the
attacks have been going on for at least a year and use a fairly sophisticated
infection chain. It most likely starts with a phishing email that pretends to
share resumes of job applicants and links to a Dropbox folder holding an ISO
image. ISO files are clones of optical discs; they were common in the early
2000s until thumb drives became affordable, and today an unsolicited one in an
email is a major red flag, since they are rarely used for anything legitimate
in that context. Attackers favour them because a mounted ISO presents its
contents as an ordinary drive, and on older Windows builds files inside it did
not inherit the Mark-of-the-Web that triggers SmartScreen and Office warnings.

EDR killer

Still, those who don't spot the ruse, download the ISO and mount or extract it
will find multiple files inside, including a shortcut (.lnk) file and a
PowerShell script. The script downloads a malicious DLL and a legitimate PDF
reader, which is abused to side-load the DLL: the trusted, signed binary loads
the attacker's library in place of one it expects to find.

The DLL first checks whether it is running in a sandbox or a virtual machine.
If it deems the machine worth infecting, it downloads additional payloads,
among which is BlackSanta.

This piece of malware is described as an EDR killer, meaning it terminates or
disables endpoint detection and response tools before further payloads are
deployed.

Its behaviour also varies with the EDR product found on the target device. For
example, it can suppress Windows notifications so that it keeps running even
as the OS tries to alert the user to the ongoing attack.

Aryaka says the attackers were spotted in the wild, but did not say how many
organizations were attacked or how many actually fell victim. It also did not
discuss the identity of the attackers, but judging by the MO, it does not seem
to be any of the better-known state-sponsored groups.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/russian-hackers-target-hr-departments-with-vicious-new-blacksanta-malware

--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/107)
