ScarCruft Ruby Jumper: How North Korean Hackers Breach Air-Gapped Networks via USB and Zoho WorkDrive in 2026

North Korea's ScarCruft (APT37) just raised the bar for air-gapped network attacks. Their new Ruby Jumper campaign, discovered by Zscaler ThreatLabz in December 2025, deploys six custom malware families — including a backdoor that abuses Zoho WorkDri...