Microsoft flags China-based hackers using vicious new ‘rapid attack’ zero-days to launch ransomware at targets across the world

0 0 2 minutes read

Microsoft flags China-based hackers using vicious new ‘rapid attack’ zero-days to launch ransomware at targets across the world

https://www.profitableratecpm.com/f4ffsdxe?key=39b1ebce72f3758345b2155c98e6709c

Storm-1175 quickly moves from access to ransomware deployment
Exploits zero days and n days on several products
Targets healthcare, finance, education and professional services

Chinese hacker collective Storm-1175 scales quickly, going from initial access to complete system compromise and data exfiltration within weeks, and sometimes in less than 24 hours, experts have warned.

A new report from Microsoft claims that the group exploited several vulnerabilities, both zero-day and n-day, in its activities. In some cases, they would even chain together various flaws for better results.

According to the report, Storm-1175 is not a state-sponsored actor, but rather an autonomous group interested in profit. They mainly target healthcare establishments, educational establishments, professional service providers and companies in the financial sector. Victims are mainly located in the United States, United Kingdom and Australia.

Article continues below

Dozens of vulnerabilities

The key takeaway here is how quickly the group operates: “After successful exploitation, Storm-1175 quickly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within days and, in some cases, within 24 hours,” the researchers said. “The threat actor’s high operational tempo and ability to identify exposed perimeter assets proved effective. »

For a first access, the slalom group between zero days and n days. During zero days, they were seen abusing bugs even a week before their public disclosure, and during n days, they would try to exploit them as soon as possible, leaving very little time for defenders to deploy patches and mitigations.

So far, more than 16 vulnerabilities have been identified as exposed, affecting 10 products. These include Microsoft Exchange (CVE-2023-21529), Papercut (CVE-2023-27351 and CVE-2023-27350), Ivanti Connect Secure and Policy Secure (CVE-2023-46805 and CVE-2024-21887), and ConnectWise ScreenConnect (CVE-2024-1709 and CVE-2024-1708).

Other notable mentions include bugs in JetBrains TeamCity (CVE-2024-27198 and CVE-2024-27199), SimpleHelp (CVE-2024-57726, CVE-2024-57727 and CVE-2024-57728), CrushFTP (CVE-2025-31161), SmarterMail. (CVE-2025-52691) and BeyondTrust (CVE-2026-1731).

After intrusion, the crooks deployed a myriad of different tools to enable lateral movement, persistence, and stealth. Before deploying the Medusa ransomware variant, they would disable any installed antivirus or endpoint protection tools.

The best antivirus for every budget

Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!

And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.