China-Linked Storm-1175 Deploys Medusa Ransomware in High-Velocity Attacks
Summary
China-based threat actor Storm-1175 is conducting high-velocity ransomware campaigns that deploy Medusa ransomware against the healthcare, education, professional services, and finance sectors in Australia, the United Kingdom, and the United States. The group chains zero-day and N-day vulnerabilities to achieve rapid compromise and carry out post-exploitation activity.
Threat Analysis
Storm-1175, a China-based advanced persistent threat (APT) actor tracked by Microsoft Threat Intelligence, is conducting high-velocity attacks that leverage a combination of zero-day and N-day vulnerabilities to deploy Medusa ransomware. The group has heavily impacted healthcare organizations, as well as organizations in the education, professional services, and finance sectors across Australia, the United Kingdom, and the United States.

Storm-1175 has been observed exploiting vulnerabilities before public disclosure and chaining multiple exploits for post-compromise activities, including lateral movement, data exfiltration, and ransomware deployment. Because the group pairs zero-day exploitation with rapid weaponization of newly disclosed vulnerabilities, patch management alone is insufficient as a defense: there is no patch to apply during the zero-day window, and the window between disclosure and exploitation is too short to rely on routine patch cycles.

Recommended mitigations:

- Implement network segmentation to limit lateral movement.
- Deploy endpoint detection and response (EDR) solutions.
- Maintain offline backups.
- Apply patches immediately upon release.
- Monitor for indicators of compromise associated with Medusa ransomware.