BlackSanta Malware Targets HR Staff with Fake CV Downloads

Aryaka researchers have identified a new threat from a Russian-speaking group using ‘BlackSanta’ malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows.

Recruitment is usually the busiest department in any office, and right now, it is also the most dangerous. A new report released on 11 March 2026 by the research firm Aryaka has identified a surge in a specific type of cyberattack that doesn’t target IT experts, but HR staff instead. It is a classic case of hackers exploiting the one thing recruiters have to do every day: open files from strangers.

The threat, dubbed the BlackSanta malware campaign by Aryaka researchers, is believed to be the work of a Russian-speaking group that has been operating quietly for over a year. Their method is surgical; they target the specific workflows of recruiters, sending harmless-looking emails with links to CVs on sites like ...