Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
Stay ahead with intelligence-driven cyberthreat research and reporting
January 15, 2026
LOTUSLITE: Targeted espionage leveraging geopolitical themes
January 07, 2026
MSP cybersecurity news digest, December 29, 2025
Active exploitation of “MongoBleed” flaw exposes data from over 87,000 servers, Patch released for high-severity RCE issue in n8n workflows, and more. Here are the latest threats to MSP security.
December 31, 2025
Acronis Cyberthreats Update, December 2025
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in November 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.
December 26, 2025
MSP cybersecurity news digest, December 22, 2025
Cyberattack on email services confirmed by France’s Interior Ministry, Maximum-severity RCE flaw disclosed in HPE OneView, and more. Here are the latest threats to MSP security.
December 08, 2025
MSP cybersecurity news digest, November 17, 2025
DanaBot resurfaces, resumes Windows infections after six-month shutdown, Mass phishing campaign targets hotel bookings with 4,300 fake sites, and more. These are the latest threats to MSP security.
November 25, 2025
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
Acronis TRU researchers have discovered an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands.
Threat Research Unit events
January 20, 2026, 3:00 PM (GMT+0)
The autonomous MSP: Scaling workspace and Microsoft 365 services profitably with AI-driven efficiency
Join Acronis experts and leading MSP innovators on January 13 as we explore how platform-ization and AI are transforming endpoint and Microsoft 365 service delivery.
English
1 hour
February 04, 2026, 3:00 PM (GMT+0)Protecting OT Systems after Windows 10 End of SupportLearn how to protect OT systems after Windows 10 end of support, assess migration options, compliance risks, and proven strategies to secure SCADA, HMI, and industrial IT without downtime.English1 hour
February 12, 2026, 3:00 PM (GMT+0)2026 Acronis Partner KickoffAI-Driven Protection for the Next Era of MSP Growth. Join our partner-only virtual event on February 12English1 hour
Webinar on demandCybersecurity Predictions 2026 Webinar: Tactics, Threats and DefensesJoin the Acronis Threat Research Unit (TRU) for an exclusive webinar on December 10. Discover key cybersecurity predictions for 2026, learn about emerging attack tactics, and explore defense strategie ...English
Webinar on demandBuilding OT cyber resilience to meet new compliance challengesDiscover how leading OT infrastructure operators are adapting their cyber resilience strategies to meet new compliance demands such as IEC 62443, NIS2, NERC-CIP, and GxP.English
Meet our speakers at upcoming events
SANS Cyber Threat Intelligence Summit & Training
www.sans.org Jan 26, 2026 | 03:50PM EST
Whenever, Wherever… Blind Eagle Attacks: The Shadow Vector Case
Santiago Pontiroli
In mid-2025, Colombian users became the target of a coordinated campaign known as Shadow Vector, which combined local social engineering with privilege escalation exploits and court-themed SVG lure documents.
CARO Workshop 2026 Innsbruck, Austria
caro2026.orgFebruary 26, 2026
No Payload For You: Inside Sidewinder’s Selective Exploitation Strategy
Eliad Kimhy
Eliad is a Senior Security Researcher at Acronis and has worked with security teams for nearly a decade, helping to build and lead the development of threat intelligence production and publish research-based content for both technical and general audiences.