As of May 2022, MedusaLocker has been observed predominantly exploiting vulnerable Remote Desktop Protocol (RDP) configurations to access victims’ networks, according to a new joint Cybersecurity Advisory (CSA) from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and other law enforcement agencies.