Ransomware | Apr 7, 2026

Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

Microsoft attributes Medusa ransomware deployments to Storm-1175 exploiting N-day and zero-day vulnerabilities.

Summary

Microsoft has identified Storm-1175, a financially motivated cybercrime group, as the operator behind rapid Medusa ransomware deployments leveraging both known (N-day) and previously unknown (zero-day) vulnerabilities. The group's campaigns emphasize speed and exploitation velocity to maximize impact before defenses can respond. The threat represents a significant shift toward aggressive, vulnerability-driven ransomware tactics.

Indicators of Compromise

  • malware — Medusa

Entities

  • Storm-1175 (threat_actor)
  • Microsoft (vendor)