Microsoft links the Storm-1175 cybercriminal group to exploiting a critical flaw in Fortra GoAnywhere to deploy Medusa ransomware. The vulnerability, CVE-2025-10035, allows remote code execution and has been exploited since September 2025, highlighting ongoing threats to affected organizations. #Storm-1175 #MedusaRansomware
Key points
- Microsoft attributes the exploitation of a critical bug in GoAnywhere MFT to the Storm-1175 group.
- The vulnerability CVE-2025-10035 permits command injection without authentication, leading to remote code execution.
- Threat actors deploy RMM tools and create .jsp files for persistence and lateral movement.
- Active exploitation has been ongoing since at least September 10, 2025, in stealthy attacks against affected organizations.
- The attack chain concludes with data exfiltration and Medusa ransomware deployment, raising concerns over targeted breaches.
Read More: https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html