Initial Access Brokers (IABs) are threat actors whose primary objective is to gather and sell accesses to various organizations. They specialize in “breach and infiltrate” to collate initial accesses that are then sold to the highest bidder.The question that often comes up is: why stop at gaining access?
There are several reasons for this. One, it takes concerted effort and resources to carry out a full-fledged cyberattack once they have access to an organization’s internal networks. While organized black-hat groups have the manpower, money, and infrastructure capabilities to escalate their privileges, to achieve lateral movement across the network, and to identify and exfiltrate data, individual actors lack the resources to manage the volume and complexity of these activities
CloudSEK’s research report on the "Rise of Initial Access Brokers: Threat actors who facilitate cyber-attacks, APT groups, and ransomware campaigns.
Initial Access Brokers (IABs) are threat actors whose primary objective is to gather and sell accesses to various organizations. They specialize in “breach and infiltrate” to collate initial accesses that are then sold to the highest bidder.The question that often comes up is: why stop at gaining access?
There are several reasons for this. One, it takes concerted effort and resources to carry out a full-fledged cyberattack once they have access to an organization’s internal networks. While organized black-hat groups have the manpower, money, and infrastructure capabilities to escalate their privileges, to achieve lateral movement across the network, and to identify and exfiltrate data, individual actors lack the resources to manage the volume and complexity of these activities