North Korean APT Targets Air-Gapped Systems in Recent Campaign
Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors. The post North Korean APT Targets Air-Gapped Systems in Recent Campaign appeared first on SecurityWeek.
A North Korea-linked threat actor tracked as APT37 has been observed using five new malicious tools in a recent campaign targeting air-gapped systems, Zscaler reports.
Also tracked as ScarCruft, Ruby Sleet, and Velvet Chollima, APT37 has been active since 2012, focusing on data theft and surveillance and mainly targeting entities in South Korea.
As part of a campaign discovered in December 2025, named Ruby Jumper, APT37 was seen using LNK files to execute a PowerShell script and deploy multiple payloads, including a decoy document in Arabic about the Palestine-Israel conflict.
Source: https://www.securityweek.com/north-korean-apt-targets-air-gapped-systems-in-recent-campaign/
Related breach coverage
- APT37 combines cloud storage and USB implants to infiltrate air-gapped systems (2026-03-02)
North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz […]
- North Korean Hackers Target High-Profile Node.js Maintainers (2026-04-06)
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
- React2Shell Exploited in Large-Scale Credential Harvesting Campaign (2026-04-03)
Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.
- Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud (2026-02-23)
Oleksandr Didenko sold the stolen identities of US citizens, allowing North Koreans to get hired using freelance work platforms.
