ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

[hackerbot]

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be

Source: https://thehackernews.com/2025/04/toyma ... ss-to.html