January 15, 2026
LOTUSLITE: Targeted espionage leveraging geopolitical themes
Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities that uses a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable sideloads and executes the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
December 08, 2025
Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses
Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.
September 03, 2025
Trojanized ScreenConnect installers evolve, dropping multiple RATs on a single machine
Over the past months, Acronis TRU (Threat Research Unit) has identified multiple active and ongoing campaigns leveraging trojanized versions of ConnectWise ScreenConnect to gain initial access to victim networks and compromise target machines.
July 23, 2025
Threat actors go gaming: Electron-based stealers in disguise
The Acronis Threat Research Unit (TRU) uncovered a new malware campaign involving Leet Stealer, RMC Stealer (a modified version of Leet Stealer) and Sniffer Stealer.
June 18, 2025
Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys
The Acronis Threat Research Unit (TRU) identified an ongoing malware campaign named Shadow Vector that is actively targeting users in Colombia through malicious SVG files masquerading as urgent court notifications.
September 10, 2024
Operation WordDrone – Drone manufacturers are being targeted in Taiwan
Threat actors are using Winword, an ancient version of Microsoft Office, to target drone manufacturers in Taiwan. Read the full analysis from the TRU Security team.
August 05, 2024
Zola ransomware: The many faces of the Proton family
Zola ransomware is the latest addition to the Proton ransomware family. Acronis researchers break down the evolution of a Zola attack, from execution to encryption.