North Korean Lazarus Group linked to Medusa ransomware used against Middle East and U.S. healthcare targets, researchers say.

Cybersecurity researchers have tied the North Korean state-linked Lazarus Group to recent attacks using Medusa ransomware against a target in the Middle East and healthcare organisations in the United States, marking the first time this threat actor has been tracked deploying Medusa in financially motivated ransomware operations.
The Symantec and Carbon Black Threat Hunter Team reported that Lazarus, also known by aliases such as Diamond Sleet and Pompilus, used Medusa ransomware tools in at least one confirmed extortion campaign, encrypting systems and demanding ransom payments. This follows the group’s historic use of other malware families, but is the first documented case of the group adopting Medusa, a ransomware-as-a-service (RaaS) strain operated by affiliates and tied to a large number of global extortion cases.
Medusa ransomware operates on a double-extortion model in which attackers first steal sensitive data before encrypting systems, then threaten to leak the information on dark web forums if ransoms are not paid. Analysts say this approach maximises pressure on victims and has been used in hundreds of attacks worldwide since the strain emerged.
The recent Lazarus-linked incidents targeted an unnamed entity in the Middle East and a U.S. healthcare organisation, underscoring a worrying trend of nation-backed groups leveraging criminal ransomware ecosystems to fund illicit operations. The switch to Medusa indicates that Lazarus is increasingly willing to adopt third-party ransomware frameworks rather than relying solely on custom-built malware.
Cybersecurity experts urge organisations in critical sectors, including healthcare and government services, to strengthen defensive measures such as patching known vulnerabilities, implementing robust backup strategies, and monitoring network activity for signs of compromise to mitigate the damage from ransomware attacks.
Reports are sourced from official documents, law-enforcement updates, and credible investigations.






