TRU Security

Updates from Acronis Threat Research Unit

Acronis
Trojanized ScreenConnect installers evolve, dropping multiple RATs on a single machine
Over the past months, Acronis TRU (Threat Research Unit) has identified multiple active and ongoing campaigns leveraging trojanized versions of ConnectWise ScreenConnect to gain initial access to victim networks and compromise target machines.
Insights
August 21, 2025 — 5 min read
Acronis
MSP cybersecurity news digest, August 13, 2025
Clinical data stolen in cyberattack on dialysis provider DaVita, Chanel, Pandora, Google and Cisco...
August 18, 2025 — 4 min read
MSP cybersecurity news digest, August 4, 2025
Scattered Spider group disrupted, but imitators carry on, Fake OAuth apps and Tycoon phishing kit used...
August 11, 2025 — 3 min read
Acronis Cyberthreats Update, August 2025
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis...
August 05, 2025 — 4 min read
MSP cybersecurity news digest, July 29, 2025
Benign-appearing panda images used by new Koske Linux malware to deliver malicious code, Turkish...
August 04, 2025 — 19 min read
MSPs a top target for Akira and Lynx ransomware
Acronis Threat Research Unit (TRU) analyzed recent samples of Akira and Lynx ransomware families to...
July 24, 2025 — 4 min read
MSP cybersecurity news digest, July 14, 2025
SafePay inflicts major ransomware attack on Ingram Micro, Oyster malware loader spread through SEO...
July 16, 2025 — 4 min read
MSP cybersecurity news digest, July 7, 2025
Zurich nonprofit Radix hit by Sarcoma ramsomware group, resulting in theft of 1.3TB of data, Google...
July 14, 2025 — 3 min read
Acronis Cyberthreats Update, July 2025
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis...
June 30, 2025 — 4 min read
MSP cybersecurity news digest, June 30, 2025
ConnectWise ScreenConnect installer exploited by authenticode stuffing technique, attackers breach...

Trends and analysis

November 28, 2022 — 9 min read
Acronis
AXLocker ransomware doesn’t change files’ extensions
AXLocker is a ransomware that was found by malware researcher ‘S!ri,’ who posted it on Twitter. Later,...
November 25, 2022 — 8 min read
Acronis
Killnet ransomware — a wiper from the Chaos family
Killnet is a Russian hacker group, previously known for providing DDoS services. At the end of October...
October 13, 2022 — 3 min read
Acronis
AV-Comparatives: Acronis Cyber Protect Cloud earns 100%...
We’re proud to share that Acronis Cyber Protect Cloud with Advanced Security received excellent...
September 22, 2022 — 9 min read
Acronis
RapperBot: A new threat for IoT devices
On June 22, 2022, CNCERT IoT Threat Research Team and NSFOCUS FuYingLab monitored a new botnet that...
September 16, 2022 — 2 min read
Acronis
AV-TEST: Acronis Cyber Protect earns macOS certification,...
AV-TEST, the renowned independent evaluator of antivirus and security solutions, recently released the...
August 25, 2022 — 9 min read
Acronis
SideWinder uses weaponized Word documents to compromise...
The SideWinder APT group was first discovered in 2018, and since earlier this year has been actively...