A Jordanian national pleaded guilty on Thursday to charges of selling access to the networks of at least 50 companies through a cybercriminal forum.
Initial access brokers are key cogs in the cybercrime ecosystem, conducting the difficult work of breaking into victim networks before offering it up for sale or exploiting it themselves.
The Health-ISAC cyber information sharing organization warned healthcare organizations in January 2023 that r1z is a “known and credible” seller of illicit versions of Cobalt Strike, a popular penetration testing tool. The organization said the account “has been active since around June 2022 and has previously offered unauthorized access via compromised Confluence, Microsoft Exchange, SonicVPN, and VMWare accounts.”
