Security News | High | Incident | unauthorized access

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

Unknown | Feb 27, 2026

ScarCruft uses Zoho WorkDrive for C2 communications and USB malware to breach air-gapped networks.

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware
