Initial Access Broker (IAB)
A cybercriminal who specializes in breaching networks and selling that access to other threat actors.
Full Definition
An Initial Access Broker (IAB) is a threat actor who specializes in gaining unauthorized access to organizational networks and selling that access to other criminals — often ransomware operators, espionage groups, or data theft teams — rather than exploiting it directly.\n\nIABs monetize the effort of initial compromise, which is often the most difficult stage of an attack. They advertise corporate network access on cybercrime forums with details such as the target company size, industry, revenue, level of access (domain admin, VPN, RDP), and asking price — which can range from a few hundred to hundreds of thousands of dollars.\n\nCommon methods for obtaining initial access include exploiting VPN and RDP vulnerabilities, phishing campaigns, and purchasing credentials from infostealer logs. The IAB economy has been a significant enabler of the ransomware-as-a-service (RaaS) ecosystem.
Related Terms
Ransomware
Malware that encrypts victim data and demands payment for the decryption key.
Malware & InfrastructureCybercrime Forum
Underground online communities where threat actors buy, sell, and exchange stolen data, tools, and services.
CybercrimeInfostealer
Malware designed to silently harvest credentials, cookies, and sensitive data from infected devices.
Malware & InfrastructureThreat Actor
Any individual or group that carries out or has the intent to carry out malicious cyber activities.
Threat ActorsMonitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.