This report is the result of a collaborative investigation between Hunt.io and the Acronis Threat Research Unit (TRU), in which both teams collaborated to map ongoing DPRK infrastructure activity, including Lazarus and Kimsuky.

DanaBot resurfaces, resumes Windows infections after six-month shutdown, Mass phishing campaign targets hotel bookings with 4,300 fake sites, and more. These are the latest threats to MSP security.

Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.

Acronis TRU researchers have discovered an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands.

Acronis Threat Research Unit (TRU) observed a global malvertising / SEO campaign, tracked as “TamperedChef.” It delivers legitimate-looking installers that disguise as common applications to trick users into installing them, establish persistence and deliver obfuscated JavaScript payloads for remote access and control.

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in October 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

Must-know cybersecurity news for MSPs: GlassWorm, ClickFix, Gootloader and the dangerous new era of AI-powered malware. Review key threats and a major public-sector breach.