Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.

The operation, detailed in a threat report from networking and security outfit Aryaka, exploits one of the most mundane workflows within an organization: hiring.

Researchers say the bait arrives as what looks like a perfectly normal job application sitting on a well-known cloud storage service. To the recruiter skimming through a stack of candidates, it appears to be just another CV, but opening it quietly kicks off a series of background actions that knock out security tools and hand the attackers a foothold on the machine.

"An HR professional receives what appears to be a perfectly normal resume," said Aditya K Sood, VP of Security Engineering and AI Strategy at Aryaka. "The candidate profile seems relevant. The hosting link points to a familiar ...