TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

North Korean Lazarus Group Expands Ransomware Activity With Medusa

2026-02-24 · Read original ↗

ATT&CK techniques detected

5 predictions
T1486Data Encrypted for Impact
92%
“researchers warn of new " vect " raas variant links with the lazarus group the new activity has been attributed broadly to the lazarus group, a state - sponsored umbrella organization. however, it remains unclear which sub - groups of lazarus are behind the attacks, according to …”
T1486Data Encrypted for Impact
89%
“north korean lazarus group expands ransomware activity with medusa a new wave of cyber - attacks using medusa ransomware has been linked to north korean state - backed hackers, who continue to target the us healthcare sector despite recent indictments. researchers from the symant…”
T1588.001Malware
52%
“north korean lazarus group expands ransomware activity with medusa a new wave of cyber - attacks using medusa ransomware has been linked to north korean state - backed hackers, who continue to target the us healthcare sector despite recent indictments. researchers from the symant…”
T1585.002Email Accounts
41%
“north korean lazarus group expands ransomware activity with medusa a new wave of cyber - attacks using medusa ransomware has been linked to north korean state - backed hackers, who continue to target the us healthcare sector despite recent indictments. researchers from the symant…”
T1657Financial Theft
32%
“north korean lazarus group expands ransomware activity with medusa a new wave of cyber - attacks using medusa ransomware has been linked to north korean state - backed hackers, who continue to target the us healthcare sector despite recent indictments. researchers from the symant…”

Summary

Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks