A cybercrime group, Storm-1175, has been exploiting a severe vulnerability in GoAnywhere MFT to launch Medusa ransomware attacks since September 2025. Organizations need to urgently update their systems and monitor for suspicious activity related to this zero-day flaw.
Key points
- Storm-1175 is actively exploiting the CVE-2025-10035 vulnerability in GoAnywhere MFT.
- The vulnerability involves deserialization of untrusted data and was patched by Fortra on September 18, 2025.
- Exploitation has been observed in multiple organizations, with some instances still unpatched.
- The threat group uses Remote Monitoring and Management tools to maintain persistence during attacks.
- Security agencies recommend upgrading systems and inspecting logs for signs of exploitation.