Ransomware | Apr 6, 2026

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

Storm-1175 exploits recently disclosed vulnerabilities to deploy Medusa ransomware in high-velocity campaigns.

Summary

Storm-1175, a financially motivated threat actor, is conducting rapid ransomware campaigns that leverage recently disclosed vulnerabilities to compromise web-facing assets, exfiltrate data, and deploy Medusa ransomware (tracked as Gaze.exe). The actor targets vulnerable internet-exposed systems for initial access and executes high-tempo operations across multiple victims.

Indicators of Compromise

  • malware — Medusa
  • malware — Gaze.exe

Entities

  • Storm-1175 (threat_actor)
  • Microsoft (vendor)