{"id":234707,"date":"2026-04-07T02:26:31","date_gmt":"2026-04-07T07:26:31","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks"},"modified":"2026-04-07T02:26:31","modified_gmt":"2026-04-07T07:26:31","slug":"microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks","title":{"rendered":"Microsoft links Medusa ransomware affiliate to zero-day attacks"},"content":{"rendered":"<p>Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks.<\/p>\n<p>This cybercrime gang quickly shifts to targeting new security vulnerabilities to gain access to its victims\u2019 networks, weaponizing some of them within a day and, in some cases, exploiting them a week before patches are released.<\/p>\n<p>\u201cStorm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, in some cases, within 24 hours,\u201d <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/06\/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations\/\" target=\"_blank\" rel=\"nofollow noopener\">Microsoft said<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. 
This cybercrime gang quickly shifts to targeting new security vulnerabilities to gain access to its victims\u2019 networks, weaponizing some of them within a day and, in some cases, exploiting [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-234707","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=234707"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234707\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=234707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=234707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=234707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}