Lazarus Group Picks a New Poison: Medusa Ransomware

The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.

February 24, 2026

The Lazarus Group has a new partner in crime.

The North Korean nation-state threat group dropped Medusa ransomware in a recent attack on an organization in the Middle East, according to new research from the Symantec and Carbon Black threat hunter team. Lazarus Group actors also attempted an unsuccessful attack on a US healthcare organization.

The researchers didn’t identify either organization or specify the Middle East target’s industrial sector.

Lazarus Group’s embrace of Medusa shows the Democratic People’s Republic of Korea’s (DPRK) “rapacious involvement in cybercrime continues unabated,” the researchers wrote.

The attacks are also the latest example of the threat group’s penchant for hitting critical infrastructure targets, most notably healthcare entities.

Article Summaries:
- Symantec and Carbon Black researchers report that North Korea’s Lazarus Group deployed Medusa ransomware in a recent Middle‑East attack, targeting a non‑strategic business for financial gain. The same actors also unsuccessfully targeted a U.S. healthcare organization. Medusa, which has shifted to a ransomware‑as‑a‑service model, is a fitting partner for Lazarus given its history of financially motivated attacks on critical infrastructure. In addition to the ransomware, investigators found Lazarus‑linked malware such as the Comebacker backdoor, Blindingcan RAT, and Infohook infostealer. The specific sub‑unit of Lazarus responsible remains unidentified, though tactics align with the Stonefly group.
Sources:
- https://www.darkreading.com/cyberattacks-data-breaches/lazarus-group-new-position-medusa-ransomware (Latest source article published: 2026-02-24 21:18 UTC)