
North Korean Lazarus Group Now Working With Medusa Ransomware

2026-02-24, Symantec
https://www.security.com/threat-intelligence/lazarus-medusa-ransomware
#Lazarus #Medusa

Contents

North Korean attackers continuing to mount extortion attacks against the U.S. healthcare sector despite indictment.
North Korean state-backed attackers are now using the Medusa ransomware and are continuing to mount extortion attacks on the U.S. healthcare sector.
North Korea has long been involved in ransomware attacks and has previously been associated with the Maui and Play ransomware families. However, the Symantec and Carbon Black Threat Hunter Team has uncovered evidence of North Korean actors using Medusa in an attack on a target in the Middle East. The same attackers also mounted an unsuccessful attack against a healthcare organization in the U.S.
Medusa, which is operated by the Spearwing cybercrime group, was launched in 2023 and is run as a ransomware-as-a-service, where affiliate attackers can deploy the ransomware in exchange for a percentage of ransom payments. More than 366 attacks have been claimed by attackers using Medusa.
Analysis …

IoC
