Security News > 2021 > November > BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups

A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns.

The threat landscape as we know it has been increasingly dominated by a category of players known as the initial access brokers, who are known to provide other cyber-criminal groups, including ransomware affiliates, with a foothold to an infinite pool of potential organizations belonging to diverse geographies and sectors via persistent backdoors into the victim networks, effectively building a pricing model for remote access.

"IABs typically first gain entry into a victim's network, then sell that access to the highest bidder on underground forums located in the dark web," BlackBerry researchers noted in a technical report published last week.

An August 2021 analysis of more than 1,000 access listings advertised for sale by IABs in underground forums on the dark web found that the average cost of network access was $5,400 for the period July 2020 to June 2021, with the most valuable offers including domain admin privileges to enterprise systems.

The IAB's overlaps and wide targeting has also led the researchers to believe that the operator "Either has a lot of manpower or they've set up some large 'hidden in plain sight' traps across the internet," enabling MountLocker, Phobos and StrongPity to source their access to targeted networks.

"The interlinking web of malicious infrastructure seen throughout this research has shown that, in a manner that mirrors the legitimate business world, cybercrime groups are in some cases run not unlike multinational organizations," the researchers said.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ZwCF24m6OzA/blackberry-uncover-initial-access.html