Authors:
Alexander Ivanyuk — Senior Director, Technology
Irina Artioli — Cyber Protection Evangelist, TRU Researcher
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in July 2025 and reflect threats that Acronis detected, as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.
Incidents of the month
A wave of cyberattacks targeting Salesforce CRM systems at major companies like Qantas, Allianz Life, LVMH and Adidas has been definitively linked to the ShinyHunters hacking group. Using social engineering and voice phishing, attackers tricked employees into installing a malicious Salesforce Data Loader tool, which was then used to extract vast amounts of customer data.
At Qantas, over six million records were exposed, while Allianz confirmed a breach affecting nearly all U.S. policyholders. Though ShinyHunters has long been suspected in past incidents, this series of breaches marks the clearest attribution yet, with investigators tying the techniques and infrastructure directly to ShinyHunters' known operations. The campaign underscores how human manipulation and third-party platforms remain key entry points even in companies with strong technical defenses.
July malware detections
In July, Acronis Cyber Protect blocked nearly 500,000 malware threats on endpoints — a decrease of more than 30% from June.
The below tables show the percentage of Acronis clients that had at least one malware threat blocked at the endpoint, as well as the normalized percentage of clients with at least one malware detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.
Protection
The aforementioned threats can be detected and mitigated with solutions from Acronis.
Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.
Additional email security and URL filtering can help you protect against social engineering threats. And your Acronis #CyberFit score helps you quickly identify systems that need attention, while integrated patch management makes updating your software to the latest versions simple.
Acronis XDR for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.
