APT37 Hackers Deploy Custom Malware Against Air-Gapped Systems

Severity: High (Score: 70.4)

Sources: Oodaloop, Zscaler, Infosecurity-Magazine, Bleepingcomputer, Cybersecuritynews

Summary

North Korean threat group APT37 has launched a campaign named Ruby Jumper that uses new custom malware to target air-gapped systems, which are typically isolated from the internet. This marks a significant advancement in the group's capabilities, since air-gapped systems are considered highly secure. The operation aims to breach these systems and could expose sensitive data and infrastructure.

Key Entities

  • APT37 (apt_group)
  • InkySquid (apt_group)
  • Ricochet Chollima (apt_group)
  • ScarCruft (apt_group)
  • Malware (attack_type)
  • Ruby Jumper (campaign)
  • North Korea (country)
  • Bluelight (malware)
  • Footwine (malware)
  • Restleaf (malware)
  • Snakedropper (malware)
  • Thumbsbd (malware)
  • T1053 - Scheduled Task/Job (mitre_attack)
  • T1059.001 - PowerShell (mitre_attack)
  • Android (platform)
  • Windows (platform)
  • Ruby (platform)
  • PowerShell (tool)
  • Usbspeed.exe (tool)
  • Zoho WorkDrive (tool)