New ‘BlackSanta’ EDR killer spotted targeting HR departments
Summary
A Russian-speaking threat actor has been observed targeting HR departments for over a year with a new EDR killer malware named BlackSanta. This malware bypasses security defenses by disabling endpoint detection and response (EDR) solutions. The attacks often involve phishing campaigns and leverage social engineering tactics to achieve their objectives.
IFF Assessment
The emergence of a new EDR killer malware that actively disables security protections poses a significant threat to defenders.
Defender Context
Defenders should be aware of sophisticated malware like BlackSanta that aims to disable EDR solutions, requiring layered security approaches and enhanced monitoring. Threat actors targeting HR departments highlights the need for specific security awareness training for these sensitive roles.