Microsoft has attributed high-velocity Medusa ransomware attacks leveraging both n-day and zero-day exploits to Storm-1175, a China-based financially motivated cybercriminal group. The group weaponizes new vulnerabilities rapidly (sometimes within a day of disclosure or even before patches are released) and has exploited over 16 vulnerabilities across 10 software products including Microsoft Exchange, Ivanti, GoAnywhere MFT, SmarterMail, and others. Storm-1175 moves quickly from initial access to data exfiltration and ransomware deployment, often within 24 hours, heavily targeting healthcare, education, finance, and professional services sectors in Australia, the UK, and the US. CISA previously warned that Medusa ransomware had impacted over 300 critical infrastructure organizations in the US.

From bleepingcomputer.com