From open source to open threat: Tracking Chaos RAT’s evolution
Chaos RAT is an open-source remote administration tool (RAT) first seen in 2022. It evolved in 2024, and new samples have been discovered by TRU in 2025.
Acronis Threat Research Unit (TRU) uncovered a new SideWinder APT campaign targeting high-level government institutions in Sri Lanka, Bangladesh and Pakistan.
Astaroth, also known as Guildma, is a sophisticated piece of malware that first emerged in 2018 and has since undergone significant evolution, adapting to new security measures and refining its attack methodologies.
We’ve recently come across a complex delivery chain utilizing multiple script languages designed to deploy high-profile malware families such as the open-source-made DCRat or the Rhadamanthys infostealer.
SharpRhino is delivered as legitimate software and grants remote access to the victim's machine. Read our full analysis to see how attackers use it to propagate other malware.
Skuld, also known as TMPN Stealer, is an information-stealing malware written in Golang (Go) that emerged in May 2023. Read the full analysis of this open-source threat.
Threat actors are using Winword, an ancient version of Microsoft Office, to target drone manufacturers in Taiwan. Read the full analysis from the TRU Security team.
Users who have not properly configured Microsoft Exchange are exposed to email spoofing, which could lead to email compromise, data breaches and more.
In today’s rapidly evolving digital landscape, regularly scanning a company’s external perimeter for vulnerabilities is not only a proactive measure, but also an essential defense strategy.
Zola ransomware is the latest addition to the Proton ransomware family. Acronis researchers break down the evolution of a Zola attack, from execution to encryption.
Eldorado ransomware has been active since at least March 2024. It mostly targets U.S. companies, including the health care, education and government sectors.
Hunters International ransomware was first spotted in October 2023. While it shares many similarities with Hive ransomware, it is not a rebrand. But like Hive, Hunters International works as ransomware as a service (RaaS) and besides encryption, it also exfiltrates victim data.