Ilia has over seven years of experience in the cybersecurity industry. At Acronis, he is focused on threat research, malware analysis, and detection engineering. Previously, he worked as a Senior Security Analyst, where he specialized in incident response, forensic investigations, but also participated in penetration testing.
Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.
Over the past months, Acronis TRU (Threat Research Unit) has identified multiple active and ongoing campaigns leveraging trojanized versions of ConnectWise ScreenConnect to gain initial access to victim networks and compromise target machines.
Threat actors are using Winword, an ancient version of Microsoft Office, to target drone manufacturers in Taiwan. Read the full analysis from the TRU Security team.
Zola ransomware is the latest addition to the Proton ransomware family. Acronis researchers break down the evolution of a Zola attack, from execution to encryption.
Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.
Over the past months, Acronis TRU (Threat Research Unit) has identified multiple active and ongoing campaigns leveraging trojanized versions of ConnectWise ScreenConnect to gain initial access to victim networks and compromise target machines.
Threat actors are using Winword, an ancient version of Microsoft Office, to target drone manufacturers in Taiwan. Read the full analysis from the TRU Security team.
Zola ransomware is the latest addition to the Proton ransomware family. Acronis researchers break down the evolution of a Zola attack, from execution to encryption.