Storm-1175, a China-based threat actor, is running fast-moving and profitable ransomware operations built on newly disclosed vulnerabilities. The group's pattern is to exploit an unpatched flaw for initial access, exfiltrate data, and then deploy Medusa ransomware, often completing the entire intrusion within a 24-hour window. Healthcare, education, finance and services organizations are the main victims, with the US, UK and Australia the principal geographies. Reliance on freshly disclosed vulnerabilities compresses the gap between a patch's release and its exploitation in the wild, which makes prompt patch management and hardening of internet-facing systems essential. For practitioners, the campaign marks a notable evolution in attack tempo and may herald a wave of similarly fast intrusions, with downstream regulatory and supply-chain consequences for affected organizations [1].
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
⚠️ Critical Alert
Why This Matters
A ransomware operation that weaponizes newly disclosed vulnerabilities and moves from initial access to data theft and encryption within about a day leaves defenders very little time to patch; expect downstream regulatory and supply-chain effects on affected organizations.
References
- SecurityAffairs. (2026, April 7). Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa. SecurityAffairs. https://securityaffairs.com/190440/cyber-crime/fast-moving-storm-1175-uses-new-exploits-to-breach-networks-and-drop-medusa.html