
China-Linked Storm-1175 Exploits Zero-Days to Deploy Medusa Ransomware

A threat actor Microsoft tracks as Storm-1175 has been exploiting zero-day vulnerabilities to rapidly deploy Medusa ransomware across enterprise networks, according to security researchers monitoring the campaign. The group, assessed as operating from China, has targeted organizations globally using unpatched flaws in widely deployed software. Medusa ransomware encrypts systems and demands payment for decryption keys, with recent attacks focusing on healthcare and manufacturing sectors. Microsoft noted that Storm-1175 moves quickly between initial access and ransomware deployment, often completing the full attack chain within days. The zero-day exploitation allows the group to bypass traditional patch management timelines that organizations rely on for protection. The campaign represents an escalation in ransomware operations backed by nation-state resources. Security teams have been advised to prioritize patching cycles and monitor for indicators of compromise associated with the group.
Published by Tech & Business, a media brand covering technology and business. This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.