Threat IntelligenceApr 26, 2026
ā¼ļøš®š± A threat actor is allegedly selling ASPX webshell access with Network Admin privileges to...
Threat actor Toton sells ASPX webshell access to Israeli tech company for $800 on cybercrime forum.
Summary
A threat actor operating under the alias Toton is allegedly offering ASPX webshell access with Network Admin privileges to an undisclosed Israeli technology/SaaS company on a cybercrime forum for $800. This represents an initial access sale, a common precursor to ransomware or espionage attacks. The targeting of Israeli infrastructure aligns with geopolitical tensions and ongoing cyber operations.
Indicators of Compromise
- malware ā ASPX webshell
Entities
Toton (threat_actor)ASPX webshell (technology)