{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigc4h5tb7gsnq3lq64kpttihieczipzyhzf7tk7gvqmkqr6p7uxtq",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mftu7fy5emt2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreih6dlmkusrexvirmf6atbxekp4tl2r3cb7ehdv2ipsczumfda2eqa"
    },
    "mimeType": "image/jpeg",
    "size": 106707
  },
  "path": "/2026/02/scarcruft-uses-zoho-workdrive-and-usb.html",
  "publishedAt": "2026-02-27T12:43:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.\nThe campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware",
  "title": "ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks"
}