Signal
North Korean cyber actors enhance tactics to breach air-gapped networks
Published 2026-02-27 12:43 UTC · Updated 2026-02-27 14:15 UTC
rss
security · expands_toolkit
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth. 2 top sources shown.
Limited source diversity in top sources.
Overview
Recent reports highlight the evolving tactics of North Korean cyber threat actors, particularly APT37 and ScarCruft, in their efforts to breach air-gapped networks. Security researchers from Zscaler ThreatLabz have identified five new tools utilized by APT37, enhancing their capabilities for infiltration. Meanwhile, ScarCruft has been linked to a new campaign, codenamed Ruby Jumper, which employs a backdoor leveraging Zoho WorkDrive for command-and-control communications and utilizes USB malware to relay commands.
- Score total: 0.97
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 1
- Duplicate ratio: 0%
Why now
- Recent discoveries reveal new tools being used by North Korean actors.
- The ongoing threat to air-gapped networks necessitates immediate attention.
- Increased activity from these groups signals a need for heightened cybersecurity measures.
Why it matters
- North Korean cyber operations pose significant risks to global cybersecurity.
- The use of innovative tools highlights the evolving nature of cyber threats.
- Understanding these tactics is crucial for developing effective defense strategies.
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: high
Recurring claims
- North Korea's APT37 has expanded its toolkit with five new tools for breaching air-gapped networks.
- ScarCruft uses Zoho WorkDrive and USB malware to breach air-gapped networks in a campaign called Ruby Jumper.
How sources frame it
- Infosecurity Magazine: neutral
- The Hacker News: neutral
All evidence
North Korea's APT37 Expands Toolkit to Breach Air-Gapped Networks
Infosecurity Magazine · infosecurity-magazine.com · 2026-02-27 14:15 UTC
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
thehackernews · thehackernews.com · 2026-02-27 12:43 UTC
Top publishers (this list)
- Infosecurity Magazine (1)
- thehackernews (1)
Top origin domains (this list)
- infosecurity-magazine.com (1)
- thehackernews.com (1)