A North Korean APT has used new malware tools to infiltrate air-gapped systems.
A North Korea–linked threat actor, APT37, used five newly discovered malware tools in a campaign designed to infiltrate air‑gapped systems. The group relied on malicious LNK files to launch PowerShell scripts that deployed implants, loaders, and backdoors. These tools worked together to exfiltrate data through removable drives, leveraging Zoho WorkDrive for command‑and‑control. The attack chain also replaced legitimate USB files with malicious shortcuts to propagate malware across isolated networks.
Read more:
https://www.securityweek.com/north-korean-apt-targets-air-gapped-systems-in-recent-campaign/
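The chain summarised above (a shortcut on removable media, named like a document, that launches a hidden PowerShell process) leaves traces a defender can check for directly in the LNK binary. The script below is an added example and is not code from the article, SecurityWeek, or any vendor: it parses the fixed header and StringData of a Windows shortcut according to the public [MS-SHLLINK] layout and flags a window-hiding ShowCommand, script-host targets, encoded or hidden-window arguments, and decoy document names. The heuristic lists, the scan_directory helper, the build_sample_lnk builder and the sample shortcut it produces are this example's own constructions; the encoded-command value in the sample is a harmless placeholder, not a real payload.

```python
"""Minimal LNK (Windows shortcut) triage for removable media.

Added example; not code from the article or any security vendor. Field
offsets follow the public [MS-SHLLINK] format. The sample shortcut is
constructed inline so the script runs offline."""
import os
import struct

# LinkFlags bits ([MS-SHLLINK] 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# CLSID 00021401-0000-0000-C000-000000000046, little-endian as stored on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SW_SHOWMINNOACTIVE = 7  # window opens minimised and inactive; rare in user-made shortcuts

# Heuristics (this example's own assumptions, tune for your environment)
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript", "rundll32")
SUSPICIOUS_TOKENS = {"-e", "-ec", "-enc", "-encodedcommand", "-nop", "-noprofile",
                     "-noni", "-noninteractive", "-ep", "-executionpolicy"}
SUSPICIOUS_SUBSTRINGS = ("hidden", "iex", "invoke-expression", "downloadstring",
                         "frombase64string")
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".hwp", ".txt")


def parse_lnk(data: bytes) -> dict:
    """Parse the ShellLinkHeader and StringData; raise ValueError if not a shell link."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    try:
        flags, = struct.unpack_from("<I", data, 20)
        show_cmd, = struct.unpack_from("<I", data, 60)
        pos = 76
        if flags & HAS_ID_LIST:            # LinkTargetIDList: 2-byte size, then the IDList
            size, = struct.unpack_from("<H", data, pos)
            pos += 2 + size
        if flags & HAS_LINK_INFO:          # LinkInfo: 4-byte size that includes itself
            size, = struct.unpack_from("<I", data, pos)
            pos += size
        strings = {}
        for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                          (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                          (HAS_ICON_LOCATION, "icon_location")):
            if not flags & flag:
                continue
            count, = struct.unpack_from("<H", data, pos)   # CountCharacters, no terminator
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + width * count]
            if len(raw) != width * count:
                raise ValueError("truncated StringData")
            pos += width * count
            strings[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    except struct.error as exc:
        raise ValueError(f"truncated shell link: {exc}") from None
    return {"flags": flags, "show_command": show_cmd, **strings}


def assess_lnk(filename: str, link: dict) -> list:
    """Return human-readable findings for one shortcut; an empty list means nothing flagged."""
    findings = []
    target = (link.get("relative_path", "") + " " + link.get("working_dir", "")).lower()
    args = link.get("arguments", "").lower()
    if any(b in target or b in args for b in LOLBINS):
        findings.append("shortcut resolves to or invokes a script host / LOLBin")
    if set(args.split()) & SUSPICIOUS_TOKENS or any(s in args for s in SUSPICIOUS_SUBSTRINGS):
        findings.append("arguments request hidden, encoded or non-interactive execution")
    if link["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand is SW_SHOWMINNOACTIVE (window hidden from the user)")
    stem = filename.lower()[:-4] if filename.lower().endswith(".lnk") else filename.lower()
    if stem.endswith(DOC_EXTS):
        findings.append("decoy name: .lnk hidden behind a document extension")
    if len(args) > 260:
        findings.append(f"unusually long argument string ({len(args)} chars)")
    return findings


def scan_directory(root: str) -> dict:
    """Walk a mounted removable drive and map each flagged .lnk path to its findings."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                findings = assess_lnk(fn, parse_lnk(data))
            except ValueError as exc:
                findings = [f"unparseable: {exc}"]
            if findings:
                report[path] = findings
    return report


def build_sample_lnk(relative_path: str, arguments: str, show_command: int) -> bytes:
    """Build a minimal Unicode shortcut (no IDList/LinkInfo) as constructed test input."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<II", flags, 0x20)
    header += b"\x00" * 24                      # Creation/Access/Write FILETIMEs left zero
    header += struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)  # size, icon, show, hotkey, reserved
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
    return header + body


if __name__ == "__main__":
    # Constructed sample: document-like name, PowerShell target, hidden window, placeholder -enc value
    sample = build_sample_lnk(
        "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "-nop -w hidden -ep bypass -enc QQBBAEEA", SW_SHOWMINNOACTIVE)
    for line in assess_lnk("Quarterly_Report.pdf.lnk", parse_lnk(sample)):
        print(" -", line)
```

Pointing scan_directory at the mount point of a USB drive (for example E:\ on Windows or /media/usb on Linux) returns only the shortcuts that triggered at least one heuristic, which is the set worth pulling for full analysis. The parser deliberately stops at StringData and ignores ExtraData, so shortcuts whose only target information lives in the IDList will show an empty relative_path; treat "no findings" as "nothing cheap to see", not as a clean bill of health.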