Hacker sets up Tor-based online shop to sell access to firms


A new threat actor has started selling access to major companies worldwide. What makes Br0k3r stand out, however, is that it’s one of the first to trade access through its own website.

ADVERTISEMENT

Br0k3r is what cybersecurity pundits call an initial access broker (IAB). These attackers have established themselves as a pillar of cybercrime. They sell access to various companies, allowing buyers to breach the organizations of their choice and infect them with ransomware.

Cybersecurity company IB-Group, which has been tracking the IAB market, has spotlighted a new IAB, Br0k3r. The attacker registered on one of the underground forums on June 17th. According to experts, Br0k3r is one of the “first to conduct private access sales through its own website.”

According to the Br0k3r’s website on Tor, it’s selling access to 47 networks worldwide. Four of them have already been sold, including access to an electricity firm with a revenue of $370 million, among others.

Broker website screenshot
Screenshot by Cybernews.

Most companies on the list seem to be major players, making tens of millions of dollars in revenue. Some of the biggest potential catches for criminals include a Spanish manufacturer, a supplier and installer of tracker equipment with $600 million in revenue, and a Norwegian multinational company with a staggering $1.1 billion in revenue.

Br0k3r is selling access to companies in the US, UK, UAE, Taiwan, and Switzerland, among other countries.

According to the IB-Group’s Hi-Tech Crime Trend Report, IABs usually compromise VPN and RDP accounts to penetrate an organization's network. During the period June 2021 to June 2022, there were 380 active IABs worldwide.

ADVERTISEMENT