Santiago leads global investigations into advanced threat actors, cybercrime ecosystems, and emerging attack techniques. He specializes in analyzing nation-state actors, criminal organizations, and financially motivated threat groups, focusing on malware analysis, reverse engineering, and developing advanced detection capabilities. With over 15 years of experience in cybersecurity, he has presented original research at leading international conferences including Virus Bulletin, CARO, MITRE ATT&CK, BlueHat, AVAR, Nuit du Hack, and ekoParty, among others.
Acronis Threat Research Unit (TRU) identified a new variant of the LOTUSLITE backdoor with a theme related to India's banking sector, delivered via DLL sideloading using a legitimate Microsoft-signed executable.
Introducing the Acronis TRU Alliance Series. This new series highlights collaborative research analysis between Acronis Threat Research Unit (TRU) and other leading threat intelligence teams. In this first post of our collaboration series, we’ve teamed up with VirusTotal (VT) to share practical insights from Acronis TRU on several recent reports.
Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.
The Acronis Threat Research Unit (TRU) identified an ongoing malware campaign named Shadow Vector that is actively targeting users in Colombia through malicious SVG files masquerading as urgent court notifications.
Chaos RAT is an open-source remote administration tool (RAT) first seen in 2022. It evolved in 2024, and new samples have been discovered by TRU in 2025.
Acronis Threat Research Unit (TRU) uncovered a new SideWinder APT campaign targeting high-level government institutions in Sri Lanka, Bangladesh and Pakistan.