Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
ID: fc93cf33-44c5-52ad-95b6-e551ad1a8052
STIX ID: report--fc93cf33-44c5-52ad-95b6-e551ad1a8052
Feed Name: Microsoft Security
Microsoft Threat Intelligence describes Storm-1175, a financially motivated ransomware actor that quickly weaponizes N‑day and zero‑day vulnerabilities in web‑facing systems to gain access, establish covert persistence, steal credentials, exfiltrate data (using tools like Rclone), and deploy Medusa ransomware. The report details observed TTPs, affected sectors and geographies, and mitigation recommendations, and provides indicators of compromise.
