Use of Initial Access Brokers by Ransomware Groups
28.Jun.2021
Beatriz Pimenta and Lidia López, Blueliv labs, an Outpost24 company
Initial Access Brokers (IABs) are financially motivated threat actors that profit through the sale of remote access to corporate networks in underground forums, like Exploit, XSS, or Raidforums. The type of accesses offered are mostly Remote Desktop Protocol (RDP), Virtual Private Network (VPN), web shells, and remote access software tools offered by companies such Citrix, Pulse Secure, Zoho, or VMware. However, threat actors are also selling information and tools to perform intrusions into companies through SQL injections, remote code execution (RCE) exploits, and other vulnerabilities.
Read More