ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

Updated on February 27, 2026

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.
The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware…

Read the rest of the story at Read More

Source: The Hacker News

May 20, 2025 Uncategorized

The Crowded Battle: Key Insights from th...

December 31, 2024 Uncategorized

New U.S. DoJ Rule Halts Bulk Data Transf...

September 8, 2025 Uncategorized

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

Related posts

The Crowded Battle: Key Insights from th...

New U.S. DoJ Rule Halts Bulk Data Transf...

⚡ Weekly Recap: Drift Breach Chaos, Ze...

Leave a Comment Cancel reply

Recent News

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Expert Recommends: Prepare for PQC Right Now