ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

Published: 3 days ago (February 27, 2026 at 07:43 AM EST)

1 min read

Source: The Hacker News

Summary

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command‑and‑control (C2) communications to fetch additional payloads, and an implant that leverages removable media to relay commands and breach air‑gapped networks.

The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware.

Back to Blog

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia‑linked state‑sponsored threat actor known as APT28, according to n...

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw Fixes High‑Severity Security Issue ClawJacked !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMEZ7gMViZ9XlXs35FiyviBZR19FbDXmatfjhNRw59da...

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

'Ravie Lakshmanan Feb 28 2026 – National Security / Artificial Intelligence

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Overview Cybersecurity researchers have disclosed a malicious Go module that harvests passwords, creates persistent SSH access, and deploys a Linux backdoor kn...

Summary

Related posts

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor