China-linked Storm-1175 Uses Zero-Days to Deploy Medusa
🔒 China-linked threat actor Storm-1175 has been observed exploiting a mix of zero-day and N-day flaws to quickly compromise internet-facing systems and deploy Medusa ransomware. Microsoft reports the group moves with high operational tempo, chaining exploits and abusing legitimate RMM tools to evade detection. Targets include healthcare, education, professional services and finance across Australia, the UK and the US. Intrusions often lead to rapid data exfiltration and encryption within days, sometimes under 24 hours.
