databreaches.net 4/6/2026, 9:11:20 PM

Microsoft links Medusa ransomware affiliate to zero-day attacks

Threat Actor: 🇨🇳 Storm-1175

Microsoft has linked a Medusa ransomware affiliate to zero-day attacks, describing Storm-1175 as a China-based, financially motivated group known for deploying Medusa ransomware payloads. The group is said to use n-day and zero-day exploits in high-velocity attacks, moving quickly to compromise victims' networks. Microsoft states that Storm-1175 rapidly shifts from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, in some cases, within 24 hours.

The report notes that the group weaponises vulnerabilities and sometimes exploits them a week before patches are released. This overview was published on 6 April 2026.


Article by CyberSIXT