Threat Research

    In 2023, "ToyMaker," an initial access broker (IAB), was discovered working with double extortion gangs. Believed to be financially motivated, ToyMaker exploits internet-exposed vulnerabilities to deploy a custom backdoor called "LAGTOY" on victim systems, allowing access and credential extraction. LAGTOY enables reverse shells and command execution....
    "Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal" covers the use of BackConnect malware by these ransomware groups as part of their evolving tactics. Attackers used social engineering, Microsoft Teams, Quick Assist, and tools like OneDriveStandaloneUpdater.exe to gain initial access and escalate privileges....