# China-Linked Storm-1175 Exploits Zero-Days to Deploy Medusa Ransomware

_Tuesday, April 7, 2026 at 4:05 AM EDT · Cybersecurity · Latest · Tier 1 — Major_

![China-Linked Storm-1175 Exploits Zero-Days to Deploy Medusa Ransomware — The Hacker News](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhN-ulbNH0WxLgcWOo1fnNpmYNLvHo4VW23VmfdGvDlcbd9IvuUBKMp1hY21B2NlBxtCNa5FCPEzjxPaLpOhz2uXR22uAmgHF0n-wJMb6DZmPFPjlC2QsYb0Vi4qvqmVzPcOmMr8NbwGSYYrceDknuVJ6xnzcDUUrmwO_ObAeq_Pmwf8AHeFlcQFwwpb-H3/s1700-e365/medusa.jpg)

A threat actor Microsoft tracks as Storm-1175 has been exploiting zero-day vulnerabilities to rapidly deploy Medusa ransomware across enterprise networks, according to security researchers monitoring the campaign.

The group, assessed as operating from China, has targeted organizations globally using unpatched flaws in widely deployed software. Medusa ransomware encrypts systems and demands payment for decryption keys, with recent attacks focusing on the healthcare and manufacturing sectors.

Microsoft noted that Storm-1175 moves quickly between initial access and ransomware deployment, often completing the full attack chain within days. Zero-day exploitation allows the group to bypass the traditional patch management timelines that organizations rely on for protection.

The campaign represents an escalation in ransomware operations backed by nation-state resources. Security teams have been advised to prioritize patching cycles and monitor for indicators of compromise associated with the group.

## Sources

- [The Hacker News](https://thehackernews.com/2026/04/china-linked-storm-1175-exploits-zero.html)

---
Canonical: https://techandbusiness.org/newswire/hT0mDZ4YgKEt45ltCchEDy
Retrieved: 2026-04-21T22:11:30.900Z
Publisher: Tech & Business (techandbusiness.org)
