North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid.

Air-gapped computers are disconnected from external networks, especially the public internet. Physical isolation is achieved at the hardware level by removing all connectivity (Wi-Fi, Bluetooth, Ethernet), while logical segregation relies on various software-defined controls, like VLANs and firewalls.