Ruby Jumper is a threat campaign tracked across 1 threat cluster and 2 intelligence report mentions on ThreatCluster. First observed February 27, 2026; most recent activity February 27, 2026.
North Korean threat group APT37 has initiated a campaign named Ruby Jumper, utilizing new custom malware to target air-gapped systems, which are typically isolated from the internet. This marks a significant advancement…