North Korean Lazarus group linked to Medusa ransomware attacks
Bleeping Computer
by Bill Toulas, February 24, 2026
AI-Generated Deep Dive Summary
North Korean state-backed hackers linked to the Lazarus threat group are targeting U.S. healthcare organizations with the Medusa ransomware in extortion attacks. The Medusa ransomware-as-a-service (RaaS) operation, which emerged in January 2021, had impacted over 300 organizations across critical infrastructure sectors by February 2025. Since then, researchers have identified at least another 80 victims, with recent attacks targeting healthcare and non-profit organizations, including an educational facility for autistic children.
Symantec reports that a Lazarus subgroup, possibly Andariel/Stonefly, is using Medusa in financially motivated cyberattacks. The tools used in these attacks show connections to other North Korean groups like Diamond Sleet, which typically targets media, defense, and IT industries. However, some of the utilities seen in Medusa attacks are commodity tools, including Come
Originally published on Bleeping Computer on 2/24/2026