A China-based threat actor has been linked to the exploitation of zero-day and N-day vulnerabilities to break into susceptible internet-facing systems and rapidly deploy Medusa ransomware.

The threat actor, known as Storm-1175, has demonstrated a high operational tempo and expertise in identifying exposed perimeter assets, making its attacks highly successful.

The use of zero-day vulnerabilities such as CVE-2022-26134 has allowed Storm-1175 to orchestrate high-velocity attacks and evade detection.

The attacks have highlighted the importance of prioritizing vulnerability management and implementing robust security measures to prevent exploitation.

Organizations must remain vigilant and take proactive steps to protect themselves from these types of attacks, including keeping software up to date and making use of threat intelligence.
