Monday 06 July 2026 08:47:03 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Initial access broker (IAB)

An actor that specializes in gaining access and passing it to other criminals.

An initial access broker is a criminal actor that specializes in breaking into organizations and then selling or handing over that foothold to other threat groups. Instead of running the whole intrusion, the broker focuses on the first stage: getting valid credentials, remote access, or another durable path into a network. That access is then monetized as a commodity.

IABs matter because they lower the barrier for ransomware crews, data thieves, and other operators who want to skip the noisy entry phase. They commonly gain access through phishing, stolen passwords, exposed remote services, or malware that creates a persistent backdoor. Defenders should treat unexpected logins, reused credentials, and new remote-access tools as potential signs of broker activity, and monitor for persistence, lateral movement, and signs that access is being packaged for resale.

← WIKICROOK index