Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Storm-1175 Exploits Internet Vulnerabilities in Medusa Attacks

Storm-1175 Exploits Internet Vulnerabilities in Medusa Attacks

Posted on April 7, 2026 By CWS

In a concerning development, the threat group Storm-1175 is actively exploiting internet-facing vulnerabilities to carry out sophisticated ransomware attacks. By leveraging known software flaws, the group deploys Medusa ransomware, threatening organizations with both data encryption and exposure. This latest campaign has put cybersecurity experts on high alert.

Rapid and Strategic Attacks

Storm-1175 is notorious for its swift operations, often locking down entire networks within just 24 hours of infiltration. The group specializes in exploiting N-day vulnerabilities, which are flaws already disclosed but not yet patched by systems administrators. This strategy allows them to target internet-exposed applications such as file transfer tools and mail servers that remain vulnerable.

Microsoft’s Threat Intelligence team has been monitoring Storm-1175 since 2023, identifying its involvement in exploiting over 16 known vulnerabilities across various enterprise platforms. This includes the use of zero-day flaws, which are vulnerabilities not publicly disclosed when first exploited.

Exploiting Zero-Day Vulnerabilities

In addition to N-day exploits, Storm-1175 has demonstrated the ability to utilize zero-day vulnerabilities. For instance, they exploited a vulnerability in SmarterMail (CVE-2026-23760) and Fortra’s GoAnywhere Managed File Transfer (CVE-2025-10035) a week before these flaws were publicly announced. Such tactics provide the group with a significant advantage over unprepared organizations.

Medusa ransomware, a Ransomware-as-a-Service platform, is the tool of choice for Storm-1175. It combines data encryption with a double extortion model, threatening victims with public data release if ransoms are not paid. This approach places immense pressure on industries heavily dependent on internet-facing systems.

Post-Compromise Operations

Once inside a network, Storm-1175 executes a well-rehearsed attack sequence. The group often deploys web shells or remote access payloads to maintain connectivity, even after vulnerabilities are patched. They create new user accounts to ensure ongoing access and employ legitimate remote management tools to avoid detection.

To disable security defenses, Storm-1175 manipulates Microsoft Defender settings and uses encoded PowerShell commands to exclude malicious files from antivirus scans. Credential theft is also a critical component, allowing the attackers to escalate privileges and spread ransomware across networks efficiently.

In the final stages, they use tools like Bandizip for data packaging and Rclone for transferring files to cloud storage under their control. PDQ Deployer then executes scripts that push Medusa ransomware payloads across all affected systems.

Defense and Prevention Measures

To combat these threats, Microsoft and security experts urge organizations to patch vulnerabilities in internet-facing systems promptly, ideally within 72 hours of disclosure. Monitoring for signs of credential theft, unauthorized registry changes, and new user accounts is crucial for early detection. Limiting remote management tool usage and enforcing multi-factor authentication on privileged accounts are also recommended. Regularly auditing antivirus exclusion paths can prevent unauthorized modifications from creating exploitable gaps.

Stay informed by following updates on platforms like Google News, LinkedIn, and X, and ensure that cybersecurity remains a top priority for your organization.

Cyber Security News Tags:0-day flaws, Cybersecurity, data protection, internet-facing assets, IT security, Medusa ransomware, Microsoft, multi-factor authentication, N-day vulnerabilities, ransomware attacks, security breach, Storm-1175, threat intelligence, zero-day exploits

Post navigation

Previous Post: Wynn Resorts Data Breach Affects Over 21,000 Employees
Next Post: China’s Storm-1175 Launches Rapid Medusa Ransomware Attacks

Related Posts

AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption Cyber Security News
Microsoft and Europol Dismantle Major Phishing Platform Microsoft and Europol Dismantle Major Phishing Platform Cyber Security News
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild Cyber Security News
MongoDB Servers at Critical Risk MongoDB Servers at Critical Risk Cyber Security News
Qilin Ransomware Using Ghost Bulletproof Hosting to Attack Organizations Worldwide Qilin Ransomware Using Ghost Bulletproof Hosting to Attack Organizations Worldwide Cyber Security News
2 Chinese Hackers Trained Cisco Program Now Attacking Cisco Devices 2 Chinese Hackers Trained Cisco Program Now Attacking Cisco Devices Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks
  • Top Unified Threat Management Solutions in 2026
  • Study Reveals Security Flaws in Free Android VPN Apps
  • WhatsApp Exploit Turns OpenClaw into Hacker Tool

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks
  • Top Unified Threat Management Solutions in 2026
  • Study Reveals Security Flaws in Free Android VPN Apps
  • WhatsApp Exploit Turns OpenClaw into Hacker Tool

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark