Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says

Microsoft researchers say the Medusa ransomware operation is rapidly exploiting newly discovered vulnerabilities days or even weeks before public disclosure, enabling intrusions that can progress from initial access to data exfiltration and encryption in as little as 24 hours. Recent incidents targeting the University of Mississippi Medical Center and Passaic County show Medusa focuses on web-facing systems during the disclosure-to-patch window and leverages legitimate remote management tools to maintain access. #Medusa #UMMC

Key points

  • Medusa exploits newly discovered vulnerabilities days before public disclosure.
  • Attacks can move from initial access to data exfiltration and ransomware deployment within 24 hours.
  • The group targets web-facing systems during the disclosure-to-patch window to maximize success.
  • Operators create persistent accounts and use remote management tools like ConnectWise ScreenConnect, AnyDesk, and SimpleHelp.
  • Recent victims include the University of Mississippi Medical Center and Passaic County, with CVE-2026-23760 and CVE-2025-10035 observed in attacks.

Read More: https://therecord.media/medusa-ransomware-group-zero-days-microsoft