


North Korea's ScarCruft built Ruby Jumper, a five-component toolchain that breaches air-gapped networks by installing a disguised Ruby runtime, weaponizing USB drives as bidirectional command channels, and deploying full-spectrum surveillance including keylogging, audio, and video capture inside physically isolated environments. Separately, Aeternum C2 is a new botnet that writes encrypted commands to smart contracts on the Polygon blockchain, eliminating all traditional takedown mechanisms — no servers to seize, no domains to sinkhole, and $1 of MATIC funds 150 command transactions. Together with the week's coverage of AI supply chain attacks, government database breaches, vishing recruitment, and cloud-based espionage, a clear pattern emerges: every assumption of isolation — physical, logical, legal, and operational — is being systematically dissolved.
Links & Resources
By Tushar Vartak