Hackers Set Up Online Shop to Sell Access to Firms

This post is also available in: עברית (Hebrew)

Hackers who try to sell access to major companies worldwide are no breaking news in the world of cybercrime. What makes Br0k3r stand out is that they are trying to sell this access and information through their own “online shop” website.

Br0k3r is what cybersecurity experts call an initial access broker (IAB). These attackers have established themselves as a major name in cybercrime. They sell access to various companies from the US, UK, UAE, Taiwan, and Switzerland among other countries. They then allow buyers to breach the organizations of their choice and infect them with ransomware, according to Cybernews.

IB-Group, a cybersecurity company that has been tracking the IAB market has spotlighted a new IAB, Br0k3r. This attacker was mentioned on one of the underground forums on June 17th. According to experts, Br0k3r is one of the “first to conduct private access sales through its own website.”

According to Br0k3r’s website, it’s selling access to 47 different networks worldwide, four of which have already been sold, including access to an electricity firm with a revenue of $370 million, among others.

Most of the companies on the list seem to be major players, making tens of millions of dollars in revenue. Some of the biggest potential catches for criminals include a Spanish manufacturer, a supplier and installer of tracker equipment with $600 million in revenue, and a Norwegian multinational company with a staggering $1.1 billion in revenue.

According to the IB-Group Report, IABs usually compromise VPN and RDP accounts to penetrate an organization’s network. There were 380 active IABs worldwide between June 2021 and June 2022.