⚠️ Region Alert: UAE/Middle East
The North Korea-linked Lazarus Group (also known as Diamond Sleet) has been identified deploying Medusa ransomware against an entity in the Middle East and a healthcare organization in the U.S. This activity marks a significant tactical pivot for the state-sponsored actor, which is increasingly adopting a Ransomware-as-a-Service (RaaS) model by acting as an affiliate for established cybercrime operations like Medusa and Qilin.
In these campaigns, the group utilizes a diverse arsenal including custom proxies like RP_Proxy, the Comebacker backdoor, and the BLINDINGCAN remote access trojan. Analysts suggest this shift toward off-the-shelf lockers is driven by pragmatism, allowing the threat actors to bypass the development costs of bespoke encryption payloads while maintaining a high volume of extortion attacks against critical sectors.