Access Broker (AB)

An access broker is a cybercriminal who specializes in gaining unauthorized access to computer systems and then selling that access to other threat actors.

These individuals typically focus on the initial compromise phase of cyberattacks, using various techniques such as phishing, credential stuffing, or exploiting vulnerabilities to breach networks and establish persistent access.

Access brokers operate as intermediaries in the cybercriminal ecosystem, selling their compromised access through dark web marketplaces to ransomware groups, data thieves, or other malicious actors who lack the technical skills or time to perform initial network penetration themselves. They often advertise their wares by specifying the type of organization compromised, the level of access obtained (such as domain administrator privileges), and the asking price.

This division of labor makes cyberattacks more efficient and dangerous, as it allows specialized criminals to focus on their particular expertise while expanding the pool of potential attackers. Access brokers have become increasingly prevalent in recent years, contributing significantly to the rise in ransomware attacks and data breaches by lowering the barrier to entry for less technically sophisticated criminal groups.