216.73.217.139

Storm-1175 focuses gaze on vulnerable web-facing assets in high ...

· Published 06/04/2026 20:26 · Modified 06/04/2026 21:48

Export JSON

Essential information

Published
06/04/2026 20:26
Modified
06/04/2026 21:48
Tags
2026-04-06 exploit medusa psexec ransomware remote access storm-1175
Related entities
17 vulnerabilities (cve), 7 observables, 1 intrusion sets (apt), 1 malware

Description

The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as operates high-velocity campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, rapidly moves from initial access to data exfiltration and deployment of , often within a few days and, in some cases, within 24 hours. The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent intrusions heavily impacting healthcare organizations, as well as those in the education, professional services, and finance sectors in Australia, United Kingdom, and United States.

External references