
North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks


North Korean cyber operations are moving into the commercial ransomware market, pointing to a stronger focus on generating direct financial gains. Recent evidence from the Symantec and Carbon Black Threat Hunter Team shows the notorious state-backed Lazarus Group has been deploying Medusa ransomware against targets in the Middle East and attempting to breach healthcare organizations in the United States.

While the US attempt failed, the incident confirms that state-sponsored actors are increasingly utilizing established cybercrime tools to bypass traditional protection.

For your information, Medusa operates as ransomware-as-a-service: affiliates use the software to lock down networks and demand payments in exchange for a cut of the profit. Since its arrival in 2023, the group behind the code has been linked to over 300 successful attacks, including attacks on Comcast and NASCAR.

Now, by joining hands with Medusa, Lazarus has gained access to an existing infrastructure that hides their identity ...


Copyright of this story solely belongs to hackread.com.