Find notable cyber news and cases, enriched with sources, timelines, and signals.
Campaign

Storm-1175 public-facing intrusion wave

Updated 07.04.2026 09:35
Case score 56
Case score 56 Members 1 Latest activity 07.04.2026 09:35
Patch available
Members 1 First seen 07.04.2026 09:35 Last seen 07.04.2026 09:35 Updated 07.04.2026 09:35

Overview

**Storm-1175** is running a high-velocity intrusion campaign that uses **zero-day** and **N-day** vulnerabilities to break into exposed internet-facing systems. Available evidence ties the activity to fast follow-on actions that include data theft and **Medusa ransomware**, sometimes within 24 hours. The activity spans multiple sectors and countries and has touched products such as **Exchange Server**, **Ivanti Connect Secure and Policy Secure**, **ConnectWise ScreenConnect**, **JetBrains TeamCity**, **SimpleHelp**, **GoAnywhere MFT**, **SmarterMail**, and **BeyondTrust**. Current defensive priority is rapid patching of exposed systems plus hunting for web shells, RMM abuse, credential theft, and exfiltration artifacts.

Signals

7 derived
Impact signals
Victims/regions
Victim region Australia Sector education Sector healthcare
Remediation
Remediation Patch available
Status
Campaign status Active
Threat context
Actor Storm-1175 Ransomware Medusa ransomware

Malware context

1 families

Member happenings

1 related
Campaign Storm-1175 high-velocity zero-day and N-day intrusion campaign
Updated 07.04.2026 09:35 Lead Contribution 56
Objective Financial Extortion Campaign Active Patch Patch Available

**Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk of rapid compromise and ransomware deployment. The activity is hitting **healthcare**, **education**, **professional services**, and **finance** organizations across **Australia**, the **United Kingdom**, and the **United States**. Once inside, the operators can exfiltrate data and deploy **Medusa ransomware** within **days** or even **24 hours**.