Vulnerability Management, Ransomware, Threat Intelligence

Multiple vulnerabilities harnessed by Chinese hackers for Medusa ransomware deployment

(Adobe Stock)

Attacks weaponizing zero-day and n-day vulnerabilities have been deployed by Chinese financially motivated threat operation Storm-1175 to facilitate immediate injections of the Medusa ransomware, with the group recently targeting U.S., UK, and Australian healthcare, education, finance, and professional services organizations, reports BleepingComputer.

Storm-1175 has combined several exploits to establish new user accounts, launch remote monitoring and management software, and pilfer credentials, as well as deactivate security software, ahead of ransomware compromise, according to a Microsoft analysis. Among the flaws abused by Storm-1175 include the BeyondTrust bug, tracked as CVE-2026-1731, the CrushFTP issue, tracked as CVE-2025-31161, the SmarterMail vulnerability, tracked as CVE-2025-52691, and the GoAnywhere MFT defect, tracked as CVE-2025-10035.

"While these more recent attacks demonstrate an evolved development capability or new access to resources like exploit brokers for Storm-1175, it is worth noting that GoAnywhere MFT has previously been targeted by ransomware attackers, and that the SmarterMail vulnerability was reportedly similar to a previously disclosed flaw," said Microsoft researchers.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds