Tag: initial access broker

4 Attack Reports | 0 Vulnerabilities

Attack reports

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

A spam campaign targeting Brazilian users, particularly C-level executives and financial/HR accounts, has been identified since January 2025. The campaign exploits commercial remote monitoring and management (RMM) tools, specifically PDQ Connect and N-able remote access tools. Attackers use Brazili…

initial access broker

Published: May 8, 2025

Downloadable IOCs: 26

Lessons from Ted Lasso for cybersecurity success

This article draws parallels between the popular TV show Ted Lasso and the cybersecurity industry, emphasizing the importance of intellectual curiosity in the field. The author, William Largent, discusses his approach to interviewing candidates for Talos, focusing on their innate curiosity rather t…

initial access broker

cybersecurity news

intellectual curiosity

lagtoy backdoor

cactus ransomware

Published: April 24, 2025

Downloadable IOCs: 4

Introducing ToyMaker

The initial access broker (IAB), whom Talos calls “ToyMaker” and assesses with medium confidence is a financially motivated threat actor, exploits vulnerable systems exposed to the internet. They deploy their custom-made backdoor we call “LAGTOY” and extract credentials from the victim enterprise. …

initial access broker

Published: April 23, 2025

Downloadable IOCs: 20

Play Ransomware Engagement

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group, as a key player in a recent ransomware incident. The group appears to be collaborating with the Play ransomware group, marking a shift in their tactics. This is the first observed instance of Jumpy Pisces using existi…

reconnaissance general bureau

initial access broker

korean people's army

fiddling scorpius

play ransomware

Published: October 30, 2024

Downloadable IOCs: 0

Click here to see more Attack Reports