Comments
Matt • February 27, 2026 6:17 PM
This would be a funny way for a legit company to screen out bad candidates: Include comments that say “Do not run this code as-is or you fail” and if you run it, it contacts the employer and says “The candidate ran the code”. Instead what you want is the candidate to contact you and say “I found the ‘do not run this’ comment” instead.
ResearcherZero • February 28, 2026 3:29 AM
@Bruce
North Korean group APT37 has a new set of tools for weaponizing removable media, exfiltrating data and operating backdoors dropped on systems in air-gapped networks.
https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks
Clive Robinson • February 28, 2026 4:54 AM
@ ResearcherZero,
With regards,
“North Korean group APT37 has a new set of tools for weaponizing removable media”
You left out two important words “Microsoft Windows”.
With Microsoft badly handling Win11 and suffering “self inflicted reputational damage” with the largest calibre of “foot-gun” people are starting to look elsewhere than Microsoft OSs.
I have been pleasantly surprised by how many “Silver Surfers” are moving over to alternative OS’s with considerable ease.
This has been aided for others by the Push for AI taking “PC Upgrades” beyond their financial abilities due to memory and storage scarcity and price increase of 30-50%…
Unlike a Win11 upgrade, moving to alternative OS’s can happen on existing hardware and in quite a few cases make the PC more spritely than when running Win10 or even earlier MS OS’s…
Also the “apps” they actually need on alternative OSs don’t need “cloud connectivity” and all the nonsense that comes with it…
Recent news suggests various EU local Governments are looking at “cost savings” by “Dump the Chump”… Of removing MS and other US Corporate lunacy of AI nonsense and the impossible to meet legal issues it raises.
This is going to cause issues for some APT malware users like APT37.
As for “air-gap crossing” I won’t say it’s “easy” but when I described how to do part of it around a decade and a half ago it was considered by many to be “impossibly difficult” thus not worth considering as a threat vector. I’m glad that some are now taking it a little more seriously and putting it high up in their threat vector risk list.
Paul Sagi • February 28, 2026 9:05 AM
It seems like North Korean spear phishing.
I would think any serious coder would not run code without first sandboxing, examining and understanding it.
Me • February 27, 2026 3:14 PM
This isn’t new at all. It might be new to the North Koreans, but bad actors have been trying to get job applicants to install malware for years in hopes someone will run it on their work machine and it will allow the attacker to get a foothold in the corporate network.