Russian-speaking threat actors are targeting HR workflows with an attack campaign that uses steganographic image files to hide a malicious tool that can compromise endpoint detection and response (EDR) systems. According to Aditya K. Sood, vice president of security engineering and AI strategy at Aryaka, this enables attackers to steal confidential information from compromised systems while preserving HTTPS communication with their command-and-control (C2) server "with little chance of detection."

Regarding the campaign's ultimate payload, he tells ZeroOwl, "In simpler terms, BlackSanta is a bring-your-own-vulnerable-device (BYOVD)-based EDR killer."

According to Sood, attackers accomplish their ultimate goal by abusing standard HR workflows, in which hiring teams regularly open resumes and attachments sent by job applicants, "which unintentionally creates an easy entry point for attackers." Sood recommended that security teams apply to HR environments the endpoint hardening, attachment controls, and monitoring that are usually reserved for more valuable systems. Sood tells ZeroOwl that "organizations should treat HR workflows with the same defensive rigor as finance and IT administrative functions."

"The possibility that such attacks will be successful can be considerably decreased by bolstering endpoint security on HR systems, keeping an eye out for anomalous activity, and raising security awareness among recruiting teams."