Prolific cybercrime group pushing Medusa ransomware via n-day and zero-day exploits , hitting perimeters hard since 2023.

How does Storm-1175 deploy ransomware?

Initial foothold via vulns, then web shells, persistence with admin users, lateral via LOLBins/RMM/Impacket, Defender tweaks, payload drop in 1-6 days.

How to protect against Storm-1175 attacks?

Scan perimeters, isolate web apps, VPN/DMZ/WAF, Credential Guard, tamper protection, audit RMMs with MFA, XDR for TTPs.

🦠 Ransomware & Malware

Storm-1175's 16-Vulnerability Blitz Powers Medusa Ransomware Onslaught

Over three years, Storm-1175 exploited 16 vulnerabilities—including three zero-days—to unleash Medusa ransomware at breakneck speed. Healthcare orgs are bleeding, but who's cashing in?

Threat Digest Apr 07, 2026 4 min read

Storm-1175 Medusa ransomware attack timeline graphic showing exploits and targets

⚡ Key Takeaways

Storm-1175 exploited 16 vulns (3 zero-days) for Medusa ransomware since 2023, targeting healthcare and finance. 𝕏
TTPs include rapid footholds, LOLBins, RMM abuse, and Defender evasion—patch gaps aggressively. 𝕏
Mitigate with perimeter isolation, credential hygiene, and proactive hunting; they're profit-driven pros. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Medusa ransomware #Microsoft threat intel #Storm-1175 #healthcare ransomware #zero-day exploits

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by InfoSecurity Magazine

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Storm-1175's Zero-Day Blitz: Ransomware Hits Where It Hurts Most

Storm-1175's Zero-Day Rampage: China Hackers Dropping Medusa Ransomware in Record Time

Medusa Ransomware: Zero-Days to Encryption in Under 24 Hours

Project Zero's Blog Glow-Up: Old Exploits Still Fresh as Yesterday's Zero-Day

Stay in the loop