November 10, 2025
Acronis TRU Alliance {VirusTotal}: Tracking FileFix, Shadow Vector, and SideWinder
Introducing the Acronis TRU Alliance Series. This new series highlights collaborative research analysis between Acronis Threat Research Unit (TRU) and other leading threat intelligence teams. In this first post of our collaboration series, we’ve teamed up with VirusTotal (VT) to share practical insights from Acronis TRU on several recent reports.
November 04, 2025
The DragonForce Cartel: Scattered Spider at the gate
Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.
September 25, 2025
ARINC’s common-use passenger processing system MUSE Disruption Impacts Flights Across Europe
Major European airports including Heathrow, Brussels, Berlin, and Dublin have reported disruptions in check-in, boarding, and kiosk systems. The outages have been linked to Collins Aerospace’s passenger processing platform MUSE, a system used across many international airports.
September 16, 2025
FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography
Acronis' Threat Research Unit discovered a rare in-the-wild example of a FileFix attack — a new variant of the now infamous ClickFix attack vector.
September 03, 2025
Trojanized ScreenConnect installers evolve, dropping multiple RATs on a single machine
Over the past months, Acronis TRU (Threat Research Unit) has identified multiple active and ongoing campaigns leveraging trojanized versions of ConnectWise ScreenConnect to gain initial access to victim networks and compromise target machines.
August 04, 2025
MSPs a top target for Akira and Lynx ransomware
Acronis Threat Research Unit (TRU) analyzed recent samples of Akira and Lynx ransomware families to see the latest changes and tweaks implemented by the groups.
July 23, 2025
Threat actors go gaming: Electron-based stealers in disguise
The Acronis Threat Research Unit (TRU) uncovered a new malware campaign involving Leet Stealer, RMC Stealer (a modified version of Leet Stealer) and Sniffer Stealer.
July 08, 2025
SafePay ransomware: The fast-rising threat targeting MSPs
The SafePay ransomware group has quietly and aggressively built momentum in Q1 2025, striking over 200 victims worldwide, including MSPs and SMBs.
June 18, 2025
Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys
The Acronis Threat Research Unit (TRU) identified an ongoing malware campaign named Shadow Vector that is actively targeting users in Colombia through malicious SVG files masquerading as urgent court notifications.
June 04, 2025
From open source to open threat: Tracking Chaos RAT’s evolution
Chaos RAT is an open-source remote administration tool (RAT) first seen in 2022. It evolved in 2024, and new samples have been discovered by TRU in 2025.
May 20, 2025
From banks to battalions: SideWinder’s attacks on South Asia’s public sector
Acronis Threat Research Unit (TRU) uncovered a new SideWinder APT campaign targeting high-level government institutions in Sri Lanka, Bangladesh and Pakistan.
April 15, 2025
Astaroth unleashed
Astaroth, also known as Guildma, is a sophisticated piece of malware that first emerged in 2018 and has since undergone significant evolution, adapting to new security measures and refining its attack methodologies.