Lazarus Group Expands Ransomware Operations Using Medusa
🔐 Symantec and Carbon Black researchers linked a new wave of Medusa ransomware activity to North Korean state-backed actors within the broader Lazarus umbrella, noting deployments against a Middle East target and attempted intrusions into US healthcare. Medusa, a 2023 ransomware-as-a-service operated by Spearwing, has been tied to more than 366 incidents and recent listings of US healthcare and non-profit victims with average demands near $260,000. Analysts observed a toolkit—including Comebacker, Blindingcan, ChromeStealer and Mimikatz—that resembles previous Stonefly operations but cautioned the components are not exclusive to a single sub-group.
