Threat Research Unit is a dedicated Acronis unit composed of experienced cybersecurity experts. Our team includes cross-functional experts in cybersecurity, AI, and threat intelligence. We are empowering IT teams with intelligence-driven cyberthreat research and reporting.
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in December 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.
Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
ClickFix campaigns use fake BSOD screens to trick users into running malware, Newly disclosed Veeam issues highlight ongoing risks to backup infrastructure, and more. Here are the latest threats to MSP security.
In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.
Fake KMSAuto activators spread malware tied to large-scale crypto losses, Zoom-themed browser extensions steal corporate meeting data at scale, and more. Here are the latest threats to MSP security.
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in November 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.
Active exploitation of “MongoBleed” flaw exposes data from over 87,000 servers, Patch released for high-severity RCE issue in n8n workflows, and more. Here are the latest threats to MSP security.
Cyberattack on email services confirmed by France’s Interior Ministry, Maximum-severity RCE flaw disclosed in HPE OneView, and more. Here are the latest threats to MSP security.
This report is the result of a collaborative investigation between Hunt.io and the Acronis Threat Research Unit (TRU), in which both teams collaborated to map ongoing DPRK infrastructure activity, including Lazarus and Kimsuky.
DanaBot resurfaces, resumes Windows infections after six-month shutdown, Mass phishing campaign targets hotel bookings with 4,300 fake sites, and more. These are the latest threats to MSP security.
Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.
Acronis TRU researchers have discovered an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands.