• MS Flags Chinese hackers

    From Mike Powell@1:2320/107 to All on Wednesday, April 08, 2026 09:58:35
    Microsoft flags China-based hackers using vicious new 'rapid attack'
    zero-days to launch ransomware at targets across the world

    Date:
    Wed, 08 Apr 2026 00:05:00 +0000

    Description:
    Microsoft warns the window to patch known flaws is shrinking, while the
    window to abuse zero-days grows.

    FULL STORY
    Chinese-speaking hacking collective Storm-1175 is moving fast, going from initial access to full system compromise and data exfiltration in weeks, and sometimes in less than 24 hours, experts have warned.

    A new report from Microsoft claims the group was seen leveraging multiple flaws, both zero-days and n-days, in their activities. In some cases, they would even chain various flaws together for better outcomes. As per the
    report, Storm-1175 is not a state-sponsored actor, but rather a standalone group interested in profit. They are targeting primarily healthcare organizations, education firms, professional services providers, and
    companies in the finance sector. Victims are mostly located in the United States, United Kingdom, and Australia.

    Dozens of vulnerabilities -- The key takeaway here is the speed at
    which the group operates: Following successful exploitation, Storm-1175
    rapidly moves from initial access to data exfiltration and deployment of
    Medusa ransomware, often within a few days and, in some cases, within 24 hours, the researchers said. The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful.

    For initial access, the group slaloms between zero-days and n-days. For zero-days, they were seen abusing bugs even a week before public disclosure, and for n-days, they would try to exploit them as soon as possible, giving defenders very little time to deploy patches and mitigations.

    So far, more than 16 vulnerabilities have been identified as being exploited by the group,
    affecting 10 products. These include Microsoft Exchange (CVE-2023-21529), PaperCut (CVE-2023-27351 and CVE-2023-27350), Ivanti Connect Secure and
    Policy Secure (CVE-2023-46805 and CVE-2024-21887), and ConnectWise ScreenConnect (CVE-2024-1709 and CVE-2024-1708).

    Other notable mentions include bugs in JetBrains TeamCity (CVE-2024-27198 and CVE-2024-27199), SimpleHelp (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728), CrushFTP (CVE-2025-31161), SmarterMail (CVE-2025-52691), and BeyondTrust (CVE-2026-1731).

    After breaking in, the crooks would deploy a myriad of different tools to enable lateral movement, persistence, and stealth. Before deploying the
    Medusa ransomware variant, they would disable any antivirus or endpoint protection tools installed.
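The one step in this chain that a defender can reliably see on the endpoint is the one the story describes last: protection being switched off shortly before the ransomware lands. The script below is an added example written for this post, not code from the article or from Microsoft. It runs over a few constructed log lines in a simple one-event-per-line format and flags every host where protection was disabled, raising severity when several components are turned off within a short window, which is what "disable any antivirus or endpoint protection tools installed" looks like in telemetry. The event IDs are assumed to be the standard Windows Defender operational-log IDs (5001, 5010, 5012); the log line layout and host names are invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: these are the Microsoft-Windows-Windows Defender/Operational
# event IDs emitted when a protection component is turned off. Other EDR
# products log the equivalent under different IDs; adjust the table.
PROTECTION_DISABLED_EVENTS = {
    5001: "real-time protection disabled",
    5010: "anti-malware scanning disabled",
    5012: "antivirus scanning disabled",
}

# Constructed line format for this example: "<date> <time> host=<name> event_id=<n> msg="<text>""
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) host=(?P<host>\S+) event_id=(?P<eid>\d+) msg="(?P<msg>[^"]*)"$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "host": m["host"],
        "event_id": int(m["eid"]),
        "msg": m["msg"],
    }


def find_protection_disabled(lines, window=timedelta(minutes=10)):
    """Return {host: finding} for every host with a protection-disabled event.

    Severity is 'high' when two or more distinct protection components were
    disabled within `window` of each other (one actor tearing down defences
    in one go), otherwise 'medium' (a single component, possibly legitimate
    maintenance, still worth a look).
    """
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["event_id"] in PROTECTION_DISABLED_EVENTS:
            per_host[ev["host"]].append(ev)

    findings = {}
    for host, events in per_host.items():
        events.sort(key=lambda e: e["ts"])
        first, last = events[0]["ts"], events[-1]["ts"]
        distinct = {e["event_id"] for e in events}
        clustered = len(distinct) >= 2 and (last - first) <= window
        findings[host] = {
            "first_seen": first,
            "components": sorted(PROTECTION_DISABLED_EVENTS[i] for i in distinct),
            "severity": "high" if clustered else "medium",
        }
    return findings


# Constructed sample telemetry: one host has all three components disabled
# within seconds, another has a single real-time-protection toggle.
SAMPLE_LOG = """\
2026-04-07 22:14:03 host=ws-017 event_id=1001 msg="Scan completed"
2026-04-07 22:41:10 host=srv-fin-02 event_id=5001 msg="Real-time protection is disabled"
2026-04-07 22:41:12 host=srv-fin-02 event_id=5010 msg="Anti-malware scanning is disabled"
2026-04-07 22:41:15 host=srv-fin-02 event_id=5012 msg="Antivirus scanning is disabled"
2026-04-07 23:02:44 host=ws-017 event_id=5001 msg="Real-time protection is disabled"
2026-04-08 00:10:00 host=ws-017 event_id=1001 msg="Scan completed"
"""

if __name__ == "__main__":
    for host, finding in find_protection_disabled(SAMPLE_LOG.splitlines()).items():
        print(host, finding["severity"], finding["first_seen"], finding["components"])
```

Given the tempo described in the report, this is the kind of signal that should page someone rather than sit in a daily digest: the window between protection going down and encryption starting may be minutes, not days.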

    Link to news story: https://www.techradar.com/pro/security/microsoft-flags-china-based-hackers-using-vicious-new-rapid-attack-zero-days-to-launch-ransomware-at-targets-across-the-world

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/107)