Russian-Speaking Cyberattack Campaign "BlackSanta" Targets HR Workflows to Disable EDR Systems

A Russian-speaking cyberattacker campaign, dubbed "BlackSanta," targets HR workflows to deploy malware designed to disable endpoint detection and response (EDR) systems. The attack hijacks legitimate workflows to deliver the malware, enabling data theft without detection. No specific technical details, dates, or CVE IDs were provided in the report. The primary impact is the evasion of security tools, allowing attackers to exfiltrate data undetected. The campaign is attributed to threat actors operating in Russian-speaking regions.