China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Briefly

"The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent intrusions heavily impacting healthcare organizations, as well as those in the education, professional services, and finance sectors in Australia, the United Kingdom, and the United States."
"Upon gaining a foothold, the financially motivated cybercriminal actor swiftly moves to exfiltrate data and deploy Medusa ransomware within a span of a few days, or, in select incidents, within 24 hours."
"Storm-1175 has been linked to the exploitation of more than 16 vulnerabilities - both CVE-2025-10035 and CVE-2026-23760 are said to have been exploited as zero-days prior to them being publicly disclosed."
A China-based threat actor, known for deploying Medusa ransomware, has been linked to high-velocity attacks that use both zero-day and N-day vulnerabilities. The group has successfully targeted healthcare, education, professional services, and finance organizations in Australia, the UK, and the US. It exploits vulnerabilities, sometimes before they are publicly disclosed, and chains multiple exploits for post-compromise activity. After gaining access, it quickly exfiltrates data and deploys ransomware, typically within a few days and in some incidents within 24 hours. Since 2023, the group has exploited more than 16 vulnerabilities, including ones affecting Linux systems and Oracle WebLogic instances.
Read at The Hacker News