Signal

Storm-1175 group rapidly exploits vulnerabilities to deploy Medusa ransomware


Published 2026-04-06 20:08 UTC. Updated 2026-04-07 10:52 UTC.
Tags: cve, exploits, ransomware, threat_actors, incident_response
Evidence trail (top sources)
4 top sources shown (4 domains; domains are deduped, and counts indicate coverage, not truth)
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Infosecurity Magazine · News · infosecurity-magazine.com · 2026-04-07 10:02 UTC
Overview

The China-linked cybercrime group Storm-1175 is conducting high-speed ransomware attacks using Medusa ransomware by exploiting both zero-day and known vulnerabilities.

Entities
Microsoft, Medusa ransomware, Storm-1175
Score total: 1.42
Momentum 24h: 4
Posts: 4
Origins: 4
Source types: 1
Duplicate ratio: 0%
Why now
  • Microsoft's recent report highlights ongoing active campaigns by Storm-1175.
  • The group's use of zero-days before public disclosure shows evolving attack sophistication.
  • Fast-moving attacks stress the urgency for improved detection and response measures.
Why it matters
  • Rapid exploitation leaves little time for defenders to patch vulnerabilities before ransomware deployment.
  • Use of zero-day exploits indicates advanced capabilities and increased threat severity.
  • The group targets critical sectors such as healthcare and finance, which increases the potential impact of a successful intrusion.
LLM analysis
Topic mix: low. Promo risk: low. Source quality: high.
Recurring claims
  • Storm-1175 exploits zero-day and known vulnerabilities to rapidly deploy Medusa ransomware.
  • The group moves from initial access to data theft and ransomware deployment within 24 hours.
  • Storm-1175 has exploited more than 16 vulnerabilities across widely used enterprise products since 2023.
How sources frame it
  • Microsoft: neutral
All evidence
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
SecurityWeek · securityweek.com · 2026-04-07 10:52 UTC
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
CSO Online · csoonline.com · 2026-04-07 10:48 UTC
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Infosecurity Magazine · infosecurity-magazine.com · 2026-04-07 10:02 UTC
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
The Hacker News · thehackernews.com · 2026-04-07 06:35 UTC