Excite Cyber Threat Intelligence Report – Q1 2026

Q1 2026 has been defined by speed. Storm-1175, a financially motivated affiliate of the Medusa ransomware-as-a-service operation, has emerged as the quarter’s most aggressive threat to Australian businesses, weaponising newly disclosed vulnerabilities in internet-facing systems and moving from initial breach to full ransomware deployment in as little as 24 hours.

The group’s playbook is methodical and proven: exploit a public-facing application, create a local admin account, dump credentials from LSASS, raid Veeam backup databases, then push Medusa ransomware (Gaze.exe) network-wide via PDQ Deployer or Group Policy. Microsoft Threat Intelligence confirmed in April 2026 that Australian organisations are being actively targeted, with healthcare, education, professional services, and financial services bearing the brunt.
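A defender can treat that playbook as a sequence to correlate per host inside the 24-hour window. The sketch below is an added example, not code from the report or from Microsoft. It assumes events have already been normalised into dictionaries with hypothetical `host`, `time`, `id`, `group`, `target` and `image` fields, uses Windows Security event IDs 4720 and 4732 and Sysmon event IDs 1 and 10, and runs over constructed sample events; the three-stage threshold is also an assumption.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # breach-to-ransomware time quoted in the report

def stage_of(ev):
    """Map one normalised event (hypothetical schema) to a playbook stage, or None."""
    if ev["id"] == 4720:                       # Security log: user account created
        return "account_created"
    if ev["id"] == 4732 and ev.get("group") == "Administrators":
        return "local_admin_added"             # Security log: added to local group
    if ev["id"] == 10 and ev.get("target", "").lower().endswith("\\lsass.exe"):
        return "lsass_access"                  # Sysmon ProcessAccess against LSASS
    if ev["id"] == 1 and ev.get("image", "").lower().endswith("\\gaze.exe"):
        return "medusa_payload"                # Sysmon ProcessCreate of Gaze.exe
    return None

def correlate(events, min_stages=3):
    """Return {host: [stages]} where >= min_stages distinct stages fit in WINDOW."""
    per_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = stage_of(ev)
        if stage:
            per_host.setdefault(ev["host"], []).append((ev["time"], stage))
    alerts = {}
    for host, hits in per_host.items():
        for i, (start, _) in enumerate(hits):  # slide the window start over each hit
            seen = []
            for t, s in hits[i:]:
                if t - start > WINDOW:
                    break
                if s not in seen:
                    seen.append(s)
            if len(seen) >= min_stages:
                alerts[host] = seen
                break
    return alerts

# Constructed sample events (not real telemetry); host and user names are made up.
T0 = datetime(2026, 3, 2, 9, 0)
SAMPLE = [
    {"host": "FS01", "time": T0, "id": 4720, "user": "svc_tmp"},
    {"host": "FS01", "time": T0 + timedelta(minutes=2), "id": 4732, "group": "Administrators"},
    {"host": "FS01", "time": T0 + timedelta(hours=3), "id": 10, "target": "C:\\Windows\\System32\\lsass.exe"},
    {"host": "FS01", "time": T0 + timedelta(hours=20), "id": 1, "image": "C:\\Windows\\Temp\\Gaze.exe"},
    {"host": "WS07", "time": T0, "id": 4720, "user": "newstarter"},
    {"host": "WS07", "time": T0 + timedelta(days=5), "id": 10, "target": "C:\\Windows\\System32\\lsass.exe"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Sysmon event 10 against lsass.exe also fires for legitimate software, so it counts here only as one stage among several rather than as an alert on its own.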
