Cybersecurity Researchers Detail Activities of ToyMaker, an Initial Access Broker
CybersecurityRansomwareInitialAccessBrokerToyMakerLAGTOYHOLERUNCACTUSDoubleExtortionThreatActorVulnerableSystems
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) named ToyMaker, which has been observed providing access to double extortion ransomware groups like CACTUS. ToyMaker is assessed with medium confidence as a financially motivated threat actor, scanning vulnerable systems and deploying custom malware called LAGTOY (aka HOLERUN).