In 2023, cybersecurity experts uncovered an extensive compromise in critical infrastructure enterprises by a sophisticated threat actor group.

This initial access broker, dubbed “ToyMaker,” systematically exploited vulnerable internet-facing systems before deploying custom backdoors to extract credentials from victim organizations.