Key Findings The North Korea-linked Lazarus Group has been observed using the Medusa ransomware in attacks targeting an entity in the Middle East and an unsuccessful attempt against a healthcare organization in the U.S. Medusa is a ransomware-as-a-service (RaaS) operation launched by a cybercrime group known as Spearwing in 2023, with over 366 claimed attacks to date. The Lazarus Group's Medusa ransomware campaign involves the use of various tools, including RP_Proxy, Mimikat
