POSTED on 24 February 2026, the piece reports that Lazarus hackers are deploying Medusa ransomware in extortion campaigns targeting the U.S. healthcare sector and a Middle East entity. According to Symantec and Carbon Black Threat Hunter teams, these operators are linked to the Lazarus group and are using Medusa ransomware in attacks that reinforce attribution to the North Korean threat cluster.
The report notes evidence of North Korean actors deploying Medusa in a Middle East attack, with the same operators also attempting, but failing, to breach a U.S. healthcare organisation. It highlights that the Lazarus-associated tooling observed in these intrusions supports ongoing ransomware-driven extortion despite prior U.S. indictments. The coverage underscores the persistence of Lazarus-linked campaigns as they expand their extortion efforts into healthcare and nonprofit targets.