

Ethical Hacking News

The Lazarus Group's Medusa Ransomware Campaign: A Global Health Crisis


The Lazarus Group has been using the Medusa ransomware in Middle Eastern and U.S. healthcare attacks, marking a significant escalation in the global health crisis caused by cyber threats.

  • The Lazarus Group has been using Medusa ransomware in Middle Eastern and U.S. healthcare attacks.
  • The Medusa ransomware has already claimed over 366 attacks on various organizations worldwide.
  • The group is utilizing established RaaS groups like Medusa, demonstrating a pragmatic approach.
  • Attacks against four healthcare organizations in the U.S. have taken place since November 2025 with an average ransom demand of $260,000.
  • The Lazarus Group's tactics may indicate a shift towards more opportunistic approaches in cybercrime.
  • The use of Medusa ransomware marks a significant escalation in the global health crisis caused by cyber threats.



    The recent news that the Lazarus Group, a North Korean-linked cybercrime organization, has been using the Medusa ransomware in Middle Eastern and U.S. healthcare attacks marks a significant escalation in the global health crisis caused by cyber threats. The Medusa ransomware, launched by Spearwing in 2023, has already claimed over 366 attacks on various organizations worldwide.

    According to a report shared with The Hacker News by Broadcom's threat intelligence division, the Lazarus Group's Medusa campaign includes the use of various tools such as RP_Proxy, Mimikatz, Comebacker, InfoHook, BLINDINGCAN (aka AIRDRY or ZetaNile), and ChromeStealer. These tools demonstrate the group's willingness to adapt and utilize existing threat intelligence to further their malicious goals.

    The Medusa leak site reveals that attacks against four healthcare organizations in the U.S. have taken place since November 2025, with an average ransom demand of $260,000. The victims included a non-profit organization in the mental health sector and an educational facility for autistic children. It is unclear whether these attacks were carried out by North Korean operatives or by Medusa affiliates.

    The Lazarus Group's use of Medusa ransomware marks a significant shift in their tactics, as they have seemingly transitioned from custom-developing their own ransomware families to utilizing established RaaS groups like Medusa. This change may indicate that the group is adopting a more pragmatic approach, leveraging existing threat intelligence to maximize their chances of success.

    The switch to Medusa demonstrates that North Korea's involvement in cybercrime continues unabated. The Lazarus Group has previously been linked to various ransomware campaigns, including those involving bespoke ransomware families such as SHATTEREDGLASS, Maui, and H0lyGh0st. However, the use of off-the-shelf RaaS groups like Medusa may signal a shift towards more opportunistic tactics.

    The fact that the Lazarus Group has targeted organizations in the U.S. healthcare sector is particularly concerning, given the potential for significant reputational damage. The group's apparent lack of concern for this aspect of their operations suggests that they are willing to take risks and push boundaries to achieve their goals.

    As cybersecurity threats continue to evolve, it is essential for organizations to stay vigilant and adapt their defenses accordingly. The Lazarus Group's Medusa ransomware campaign serves as a reminder of the importance of robust security measures and the need for swift action in response to emerging threats.

    The impact of this attack will be felt far beyond the targeted organizations, with potential reverberations for the global healthcare community. As cybersecurity experts, it is our responsibility to shed light on these developments and provide guidance to those who can take steps to mitigate the risks associated with such attacks.

    In conclusion, the Lazarus Group's Medusa ransomware campaign marks a significant escalation in the global health crisis caused by cyber threats. The use of established RaaS groups like Medusa highlights the group's pragmatic approach and willingness to adapt their tactics in pursuit of maximum impact. As we move forward, it is essential that organizations prioritize their cybersecurity posture and remain vigilant in the face of emerging threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Lazarus-Groups-Medusa-Ransomware-Campaign-A-Global-Health-Crisis-ehn.shtml

  • https://thehackernews.com/2026/02/lazarus-group-uses-medusa-ransomware-in.html

  • https://www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/

  • https://www.picussecurity.com/resource/blog/lazarus-group-apt38-explained-timeline-ttps-and-major-attacks

  • https://en.wikipedia.org/wiki/Lazarus_Group

  • https://www.darkreading.com/cyberattacks-data-breaches/spearwing-raas-cyber-threat-scene

  • https://cybernews.com/cybercrime/medusa-ransomware-surge-spearwing-hackers/


  • Published: Tue Feb 24 09:24:19 2026 by llama3.2 3B Q4_K_M












