APT37 hackers use new malware to breach air-gapped networks
Summary
The North Korean APT37 hacking group is using new malware, delivered via removable drives, to bridge air-gapped networks and conduct covert surveillance. This new toolset allows them to move data between connected and isolated systems.
IFF Assessment
APT37's new tools give the group a stronger capability to compromise air-gapped networks, raising the threat to sensitive, isolated environments.
Defender Context
Defenders should monitor removable-drive activity closely, especially in environments that contain air-gapped systems. Organizations need robust endpoint detection and response (EDR) and intrusion detection systems (IDS) to identify and mitigate APT37's new malware and its tactics, techniques, and procedures (TTPs). The campaign underlines the continued threat from nation-state actors and the need for proactive security measures against advanced persistent threats.
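One concrete check that follows from the removable-drive tradecraft described above is to look for the same physical device appearing on both an air-gapped host and a connected host. The script below is an added example, not part of the original brief and not APT37 tooling; it assumes an exported USB-audit log in the constructed CSV layout shown (timestamp, host, zone, event, serial) and flags device serials that cross zones.

```python
from collections import defaultdict
import csv
from io import StringIO

# Constructed sample records (not real telemetry): one removable-device
# connect event per line, as an EDR/USB-audit export might provide them.
# Field names and zone labels are assumptions for this example.
SAMPLE_LOG = """timestamp,host,zone,event,serial
2024-05-01T08:02:11Z,WS-CONN-01,connected,usb_connect,4C530001230512
2024-05-01T08:40:57Z,WS-CONN-02,connected,usb_connect,AA11BB22CC33
2024-05-01T09:15:03Z,WS-AIR-07,airgap,usb_connect,4C530001230512
2024-05-01T11:22:48Z,WS-CONN-01,connected,usb_connect,4C530001230512
2024-05-02T10:05:30Z,WS-AIR-03,airgap,usb_connect,DEADBEEF0001
"""


def find_bridging_devices(log_text):
    """Return {serial: [(timestamp, host, zone), ...]} for every removable
    device serial seen in more than one network zone, events in time order.
    A drive that touches both an air-gapped and a connected host is the
    physical channel an air-gap-bridging toolset depends on."""
    sightings = defaultdict(list)
    for row in csv.DictReader(StringIO(log_text)):
        if row["event"] != "usb_connect":
            continue
        sightings[row["serial"]].append(
            (row["timestamp"], row["host"], row["zone"]))
    bridging = {}
    for serial, events in sightings.items():
        zones = {zone for _, _, zone in events}
        if len(zones) > 1:
            bridging[serial] = sorted(events)  # ISO timestamps sort as text
    return bridging


if __name__ == "__main__":
    for serial, events in find_bridging_devices(SAMPLE_LOG).items():
        hops = " -> ".join(f"{host}({zone})" for _, host, zone in events)
        print(f"ALERT removable device {serial} crossed zones: {hops}")
```

In the sample data only serial 4C530001230512 is flagged, with the connected -> airgap -> connected hop sequence that a data-transfer round trip would produce.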