security: Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
Microsoft Security Blog
2026-04-06
Microsoft says Storm-1175 is running fast-moving Medusa ransomware campaigns that exploit recently disclosed vulnerabilities in web-facing systems for initial access, data theft, and ransomware deployment. The actor uses Medusa ransomware, also referred to as Gaze.exe.