# Storm-1175 rapidly moves from access to ransomware deployment

*business · news · 2026-04-08 · TechRadar*

## Key points

- Storm-1175 can move from initial access to ransomware deployment in less than 24 hours.
- The group exploits both zero-day and n-day vulnerabilities, sometimes chaining multiple flaws together.
- Storm-1175 is not state-sponsored but operates independently for profit.
- The group has exploited over 16 vulnerabilities across 10 products, including Microsoft Exchange and Ivanti.
- Storm-1175 disables antivirus and endpoint protection before deploying Medusa ransomware.

**Companies:** Microsoft
**Countries:** United States, United Kingdom, Australia

[Read the full story on TechRadar](https://www.techradar.com/pro/security/microsoft-flags-china-based-hackers-using-vicious-new-rapid-attack-zero-days-to-launch-ransomware-at-targets-across-the-world)

---

Canonical: https://newsio.io/n/c1a3b8ff-b304-4aa0-afcf-2745dc1f71ee/storm-1175-rapidly-moves-from-access-to-ransomware-deployment
Summarized by Newsio from TechRadar. https://newsio.io/how-it-works
