
APT37 expands toolkit to pierce air gaps using removable media and cloud C2
Context and chronology
Private research telemetry attributed a coordinated December 2025 operation to the cluster tracked as APT37. Analysts reconstructed a chained intrusion designed to extract data from isolated or segmented networks: an initial social-engineered removable‑media lure, in‑memory loaders that staged a disguised interpreter runtime, a scheduled persistent execution cadence, and a cloud‑hosted command channel used to retrieve commands and payloads. The technical writeup from the original finder is available via Zscaler and provides indicators and technical notes.
At the component level, investigators described five distinct modules: a memory‑resident loader that decrypts later stages, a backdoored runtime installed under an innocuous utility name, a USB propagation/spreader that replaces or masks user files with shortcut stubs and uses drive roots as staging areas, a secondary dropper that leverages those staging locations for bidirectional relay, and an auxiliary Android package capable of keystroke, microphone and camera capture. The runtime was observed scheduled to execute on a tight five‑minute cadence to maintain persistence and trigger secondary actions, and several stages operated in memory to reduce forensic artifacts.
Operationally the campaign paired physical relays (removable media used to ferry commands and exfiltrated content across segmented boundaries) with abuse of a mainstream cloud storage service for command‑and‑control and payload hosting. That hybrid model reduces the utility of pure network‑monitoring approaches because callbacks and staging traffic can resemble legitimate cloud syncs and repository usage. The removable‑media mechanics allowed operators to bridge air gaps: USBs carried short command stubs and exfiltrated blobs between isolated hosts and externally reachable systems.
This activity fits a wider pattern seen in recent espionage operations: many actors are converging on low‑noise persistence, living‑off‑the‑land abuse, and cloud primitives to blend malicious activity into normal enterprise telemetry. Other recent disclosures (covering distinct clusters and vectors) underscore similar tradecraft — from cloud‑hosted C2 and long‑lived implants to memory‑only loaders and social engineering lures — although attribution, victim counts and specific tooling vary by investigation. Platform‑level interventions (for example, cloud provider takedowns) can disrupt operator infrastructure but do not erase implanted footholds or change the attractiveness of commodity cloud services for misuse.
For defenders the implications are concrete: organizations protecting classified enclaves, industrial control systems and high‑value research should treat removable media as a primary risk vector, instrument task scheduling and process starts for anomalous cadence, enforce strict media hygiene (disable autorun, enforce encryption and logging), and fuse endpoint, identity and cloud telemetry to detect benign‑looking callbacks that carry malicious intent. Cross‑sector collaboration with cloud and platform providers can remove infrastructure quickly, but long‑term resilience requires procedural controls, identity‑first architectures, and hardened runtimes that reduce the blast radius of staged interpreters.
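As an added illustration (not part of the Zscaler research or this article), the cadence check suggested above can be implemented over process-start telemetry: group starts by host and image, compute the gaps between consecutive starts, and flag any image whose gaps are almost constant, which is what a scheduler-driven five‑minute implant looks like. The log lines, host name and the innocuous utility name `svcutil.exe` are constructed for the example; the check generalizes to any fixed period, not only 300 seconds.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample telemetry (not from the report): "timestamp|host|image|parent".
# The first series starts every ~5 minutes from a scheduler parent; the second is
# an interactively launched program with irregular gaps.
SAMPLE_LOG = """\
2025-12-03T09:00:02Z|WS-17|C:\\Users\\Public\\svcutil.exe|svchost.exe
2025-12-03T09:05:01Z|WS-17|C:\\Users\\Public\\svcutil.exe|svchost.exe
2025-12-03T09:10:03Z|WS-17|C:\\Users\\Public\\svcutil.exe|svchost.exe
2025-12-03T09:15:02Z|WS-17|C:\\Users\\Public\\svcutil.exe|svchost.exe
2025-12-03T09:20:01Z|WS-17|C:\\Users\\Public\\svcutil.exe|svchost.exe
2025-12-03T09:01:10Z|WS-17|C:\\Windows\\System32\\notepad.exe|explorer.exe
2025-12-03T09:47:55Z|WS-17|C:\\Windows\\System32\\notepad.exe|explorer.exe
2025-12-03T11:12:00Z|WS-17|C:\\Windows\\System32\\notepad.exe|explorer.exe
2025-12-03T13:30:41Z|WS-17|C:\\Windows\\System32\\notepad.exe|explorer.exe
2025-12-03T15:02:09Z|WS-17|C:\\Windows\\System32\\notepad.exe|explorer.exe
"""

def parse_starts(log):
    """Map (host, lowercased image path) -> list of start timestamps."""
    series = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, image, _parent = line.split("|")
        series[(host, image.lower())].append(
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return series

def find_fixed_cadence(log, min_starts=4, max_jitter=0.05):
    """Return [(host, image, period_seconds)] for every image whose
    inter-start gaps vary by at most max_jitter (relative std dev),
    i.e. whose launches look scheduler-driven rather than human-driven."""
    hits = []
    for (host, image), times in parse_starts(log).items():
        times.sort()
        if len(times) < min_starts:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            hits.append((host, image, round(period)))
    return hits

if __name__ == "__main__":
    for host, image, period in find_fixed_cadence(SAMPLE_LOG):
        print(f"{host}: {image} starts every ~{period}s")
```

Tune `min_starts` and `max_jitter` to the environment; legitimate agents also run on timers, so the hit list is a hunting lead to be joined with the image's path, signer and parent, not an alert on its own.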