APT / THREAT GROUP
Ruby
Aliases: 1
Intelligence Profile
ransomware
Threat Analysis
Ruby is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Ruby
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
The Hacker News · May 13, 2026
Hundreds of Malicious Packages Force RubyGems to Suspend Registrations
SecurityWeek · May 13, 2026
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
The Hacker News · May 12, 2026
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
The Hacker News · May 1, 2026
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The Hacker News · Feb 27, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 1
Also Known As: Ruby
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.