Key Findings

A new set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications, has been attributed to ScarCruft, a North Korean threat actor. The campaign, codenamed "Ruby Jumper" by Zscaler ThreatLabz, involves the deployment of various malware families to facilitate surveillance on victim systems. One of the malware components, THUMBSBD, uses removable media to relay commands and transfer data between internet-connected and air-g