‘BlackSanta’ EDR Killer Targets HR Workflows

Russian-speaking cyberattackers are targeting HR workflows with a campaign that delivers malware called “BlackSanta.” The malware, hidden in steganographic image files, can disable security protections at a deep system level, allowing attackers to steal sensitive data while maintaining communication with their command-and-control server. The attack begins with a resume-themed ISO file which, when opened, executes obfuscated PowerShell commands to extract the hidden payloads and deploy the EDR killer.

Edward Kiledjian @ekiledjian