⚠️ Region Alert: UAE/Middle East
The North Korea-linked Lazarus Group, also known as Diamond Sleet, has been identified deploying Medusa ransomware in a campaign targeting an unnamed entity in the Middle East and healthcare organizations in the United States. This activity, reported by Symantec and Carbon Black, highlights a strategic pivot where state-sponsored actors are increasingly functioning as affiliates for established Ransomware-as-a-Service (RaaS) operations like Medusa and Qilin.
Historically known for developing bespoke ransomware such as Maui and H0lyGh0st, the group's shift to off-the-shelf lockers suggests a pragmatic approach to maximizing efficiency and reducing development overhead. Despite using third-party encryption payloads, the Lazarus Group continues to employ its proprietary toolkit, including the Comebacker backdoor, the BLINDINGCAN remote access trojan, and various custom credential stealers, to facilitate its extortion efforts.