Ruby Jumper – A new malware campaign exploiting LNK and cloud C2 to control victim systems

Introduction In December 2025, researchers from Zscaler ThreatLabz discovered a new cyberattack campaign linked to the APT37 group—also known as ScarCruft, Ruby Sleet, and Velvet Chollima—a hacker gro