BlackSanta HR resume-phishing campaign
Campaign
Summary
A BlackSanta phishing campaign is targeting HR and recruiting staff, using resume-themed files to deliver malware and evade EDR controls. The operation relies on phishing emails and a multi-stage infection chain that starts when a lure file is opened. It performs reconnaissance, checks for virtual machines and sandboxes, and attempts geographic filtering before deploying additional payloads. The activity has reportedly run largely undetected for over a year and is linked broadly to likely Russian-speaking actors.
Related Happenings
BlackSanta EDR killer malware activity targeting HR departments
Malware Activity
First: 11.03.2026 00:57
Last: 11.03.2026 00:57
Sources 1
How related:
The operation, uncovered by Aryaka Threat Research Lab, uses a specialized tool known as BlackSanta to disable endpoint detection and response (EDR) systems after a device has been compromised.
About this happening:
The **BlackSanta** malware operation has run for **more than a year**, targeting **HR departments** and using an **EDR killer** to weaken host defenses before payload execution. T...
Kimsuky QR-code spear-phishing campaign against think tanks and government entities
Campaign
First: 09.01.2026 07:46
Last: 09.01.2026 07:46
Sources 1
About this happening:
The **FBI** warned that **Kimsuky (APT43)** is running a **QR-code spear-phishing campaign** that targets **think tanks, academic institutions, and U.S. and foreign government ent...
Timeline
- 11.03.2026 16:30 · 2 articles
Aryaka discloses BlackSanta resume-phishing campaign
Initial Disclosure
Aryaka Threat Research Lab disclosed a new malware campaign targeting human resources and recruiting staff, where phishing emails carry links to files presented as resumes or job applications. The multi-stage infection chain deploys BlackSanta to disable endpoint detection and response (EDR) and antivirus after compromise, while also performing system reconnaissance, checks for virtual machines, sandboxes and debugging tools, geographic filtering, and downloading additional malicious payloads; Aryaka says the actors are likely Russian-speaking.
Sources:
- BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign — www.infosecurity-magazine.com — 11.03.2026 16:30