North Korean APT37 Ruby Jumper Campaign Targets Air-Gapped Systems
VPN Central [Unofficial]
March 1, 2026
North Korean APT37 (ScarCruft, Ruby Sleet) deployed Ruby Jumper malware to infect air-gapped networks. The campaign uses five new tools: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, and FOOTWINE. Attackers bridge internet-connected and isolated systems through USB drives. Zscaler ThreatLabz uncovered the operation targeting Arabic-speaking users. Malicious LNK files disguised as Palestine-Israel conflict documents start infections. RESTLEAF downloads […]