TRU Security Acronis

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in December 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

16. 1. 2026

Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.

15. 1. 2026

ClickFix campaigns use fake BSOD screens to trick users into running malware, Newly disclosed Veeam issues highlight ongoing risks to backup infrastructure, and more. Here are the latest threats to MSP security.

12. 1. 2026

In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.

8. 1. 2026

Fake KMSAuto activators spread malware tied to large-scale crypto losses, Zoom-themed browser extensions steal corporate meeting data at scale, and more. Here are the latest threats to MSP security.

5. 1. 2026

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in November 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

31. 12. 2025

Active exploitation of “MongoBleed” flaw exposes data from over 87,000 servers, Patch released for high-severity RCE issue in n8n workflows, and more. Here are the latest threats to MSP security.

29. 12. 2025

Cyberattack on email services confirmed by France’s Interior Ministry, Maximum-severity RCE flaw disclosed in HPE OneView, and more. Here are the latest threats to MSP security.

26. 12. 2025

This report is the result of a collaborative investigation between Hunt.io and the Acronis Threat Research Unit (TRU), in which both teams collaborated to map ongoing DPRK infrastructure activity, including Lazarus and Kimsuky.

18. 12. 2025

DanaBot resurfaces, resumes Windows infections after six-month shutdown, Mass phishing campaign targets hotel bookings with 4,300 fake sites, and more. These are the latest threats to MSP security.

8. 12. 2025

Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.

8. 12. 2025

Acronis TRU researchers have discovered an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands.

24. 11. 2025

Acronis Threat Research Unit (TRU) observed a global malvertising / SEO campaign, tracked as “TamperedChef.” It delivers legitimate-looking installers that disguise as common applications to trick users into installing them, establish persistence and deliver obfuscated JavaScript payloads for remote access and control.

19. 11. 2025

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in October 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

18. 11. 2025

Must-know cybersecurity news for MSPs: GlassWorm, ClickFix, Gootloader and the dangerous new era of AI-powered malware. Review key threats and a major public-sector breach.

10. 11. 2025

Introducing the Acronis TRU Alliance Series. This new series highlights collaborative research analysis between Acronis Threat Research Unit (TRU) and other leading threat intelligence teams. In this first post of our collaboration series, we’ve teamed up with VirusTotal (VT) to share practical insights from Acronis TRU on several recent reports.

10. 11. 2025

Qilin ransomware abuses Windows Subsystem for Linux to deploy Linux encryptors on Windows, Atroposia malware includes built-in vulnerability scanner for targeted exploitation, and more. Here are the latest threats to MSP security.

7. 11. 2025

Here is the MSP cybersecurity news digest for October 21, 2025 from the Acronis Threat Research Unit (TRU).

4. 11. 2025

Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.

4. 11. 2025

Urgent WSUS RCE flaw actively exploited! Plus: Fake LastPass inheritance emails steal vaults, Iran's MuddyWater APT targets government entities and a new RedTiger Discord infostealer.

28. 10. 2025