Fake job applications pack malware that kills EDR before stealing data
Summary
Russian-speaking attackers are distributing fake job applications containing malware designed to disable Endpoint Detection and Response (EDR) solutions. Once the defenses are down, the malware proceeds to steal sensitive data from compromised corporate systems, specifically targeting HR departments.
IFF Assessment
This is bad news for defenders because attackers are developing novel methods to bypass security controls and then exfiltrate data, increasing the potential for successful breaches.
Defender Context
Defenders should be aware of social engineering tactics targeting HR departments, particularly the use of ISO files as delivery mechanisms for malware. The campaign highlights the ongoing need for robust EDR solutions and user awareness training to prevent the initial infection and subsequent lateral movement by attackers.