Symantec researchers linked North Korean state-backed Lazarus actors to financially motivated deployments of Medusa ransomware against at least two institutions, including a company in the Middle East and a U.S. healthcare organization. The report indicates a shift from in-house strains like Maui to ransomware-as-a-service offerings and bases the attribution of the intrusions on tools specific to Lazarus. #Medusa #Lazarus
Key points
- Lazarus-linked actors deployed Medusa ransomware against a Middle Eastern company and a U.S. healthcare organization.
- Medusa operates as a ransomware-as-a-service and has been linked to more than 350 attacks since 2023.
- Symantec attributed the attacks to Lazarus/Andariel through exclusive custom tools, including a backdoor and a Chrome password extractor.
- North Korean actors appear to be shifting from in-house strains like Maui to using RaaS affiliates for financial gain.
- Nation-state groups are increasingly coordinating with cybercriminals to monetize operations or conceal espionage activity.
Read More: https://therecord.media/north-korean-hackers-using-medusa-ransomware