English 
Русский 
简体中文 
Português do Brasil 
Français 
Español 
Türkçe 
Polski 
Tiếng Việt 
한국어 
Nederlands 
Italiano 
日本語 
Eesti 
Čeština 
മലയാളം 
Bahasa Melayu 
हिन्दी 
اردو 
Bahasa Indonesia 
Safe WebInitial Access Brokers (IABs) are a type of cybercriminal involved in cybercrime markets which facilitate the initial access of systems and networks for malicious activities. Typically, cybercriminal organizations and individuals seeking access to remote systems or networks to launch attacks or perform illicit activities, such as data theft or distribution of malignant software, may pay IABs for access to such resources. This enables them to launch distributed denial-of-service (DDoS) attacks, perform remote code execution (MRE), conduct ransomware activity, or to obtain access to sensitive data.
Though their activities are often related, IABs should not be confused with other ‘cyber-brokers’ or ‘cyber-clients’ operating within the cybercrime underground. The term ‘Initial Access Broker’ (IAB) is most commonly used to describe a specific subcategory of cybercrime actors who act as intermediaries for their clients, providing them with access to resources necessary to launch their attacks.
IABs typically offer a variety of services, including credential and vulnerability sales, IP scanning and reconnaissance, denial-of-service attacks, spam campaigns, ransomware, as well as access to admin and root access accounts on corporate networks. IABs typically operate within cybercrime markets, forums, or broker platforms, where they can purchase access credentials, offer services, or exchange information related to attacks, vulnerabilities, or malicious actors.
IABs can be characterized by the type of services they offer, the type and number of perpetrators they target, and their payment methods. They are often located in remote countries and typically employ numerous anonymous proxies and jumbled communication paths to remain anonymous and obscure their activity. Cybersecurity researchers typically rely on OSINT tools and techniques to identify and track IABs.
Though understanding of IABs and their activities is essential for preventing attacks, there has been very little research on identifying and disrupting them. By comprehending their techniques and strategies in action, organizations can improve their defenses against these actors and reduce their chances of becoming the target of attacks.
