Home/Tag/Apt37

Apt37

3 articles tagged with "Apt37"

Threat Intelligence4 min read

APT37 Exploits Facebook Friendships to Deploy RokRAT

North Korean threat actors are befriending targets on Facebook, building trust over weeks, then delivering RokRAT malware through trojanized PDF readers. Military and government officials targeted.

Alex KowalskiApr 29, 2026

Threat Intelligence5 min read

APT37 Deploys Five New Tools to Breach Air-Gapped Networks

North Korean APT37's Ruby Jumper campaign uses RESTLEAF, THUMBSBD, and FOOTWINE malware to exfiltrate data from isolated systems via USB drives.

Alex KowalskiMar 15, 2026

Threat Intelligence4 min read

APT37 Ruby Jumper Campaign Targets Air-Gapped Networks

North Korean APT37 deploys six new malware tools to breach air-gapped systems using USB drives and cloud C2. Zscaler reveals RESTLEAF, THUMBSBD, and FOOTWINE surveillance capabilities.

Alex KowalskiFeb 27, 2026