For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.

Described as “sophisticated,” the campaign mixes social engineering with advanced evasion techniques to steal sensitive information from compromised systems.

It is unclear how the attack begins, but researchers at Aryaka, a network and security solutions provider, suspect that the malware is distributed via spear-phishing emails.