Lazarus Group Picks a New Poison: Medusa Ransomware
Summary
The Lazarus Group, a North Korean threat actor, has added Medusa ransomware to its arsenal. In recent attacks it also used the Comebacker backdoor, the Blindingcan RAT, and the Infohook info stealer, indicating a diverse toolkit for targeting victims.
IFF Assessment
The adoption of a new ransomware strain by a sophisticated threat actor like Lazarus Group expands the group's potential attack vectors and increases the risk to potential targets.
Defender Context
Defenders should be aware of the Lazarus Group's evolving tactics, techniques, and procedures (TTPs), including the use of Medusa ransomware and other tools. Organizations should implement robust security measures, including regular security audits, vulnerability scanning, and employee training, to mitigate the risk of attacks from this group and other similar threat actors. Monitoring for indicators of compromise (IOCs) associated with Lazarus Group and the mentioned malware families is also critical.