Signal

Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says


Published 2026-04-06 16:00 UTC · Updated 2026-04-06 20:08 UTC
rss
medusa
Evidence trail (top sources)
Top sources (3 domains). Domains are deduped; counts indicate coverage, not truth.
Microsoft links Medusa ransomware affiliate to zero-day attacks
bleepingcomputer_all · News · bleepingcomputer.com · 2026-04-06 16:56 UTC
Overview

Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks.

Score total: 1.31
Momentum 24h: 3
Posts: 3
Origins: 3
Source types: 1
Duplicate ratio: 0%
All evidence
Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says
The Record (Recorded Future News) · therecord.media · 2026-04-06 20:08 UTC
Microsoft links Medusa ransomware affiliate to zero-day attacks
bleepingcomputer_all · bleepingcomputer.com · 2026-04-06 16:56 UTC
Posts loaded: 0 · Publishers: 3 · Origin domains: 3 · Duplicates: -
Top publishers (this list)
  • The Record (Recorded Future News) (1)
  • bleepingcomputer_all (1)
  • Microsoft Security Blog (1)
Top origin domains (this list)
  • therecord.media (1)
  • bleepingcomputer.com (1)
  • microsoft.com (1)