Initial Access Broker (IAB)
An initial access broker is a threat actor or service that sells footholds — compromised VPN credentials, RDP access, or web shells — to other criminals who deploy ransomware or data theft. Tracking IAB infrastructure helps prioritize blocking and hunting before payloads land.
Frequently Asked Questions
What is Initial Access Broker (IAB)?
An initial access broker is a threat actor or service that sells footholds — compromised VPN credentials, RDP access, or web shells — to other criminals who deploy ransomware or data theft. Tracking IAB infrastructure helps prioritize blocking and hunting before payloads land.
How is Initial Access Broker (IAB) related to Threat Actor?
Initial Access Broker (IAB) and Threat Actor are both key concepts in threat intelligence. A threat actor is any individual, group, or organization that conducts malicious cyber activity. Threat actors are classified by motivation (financial, espionage, hacktivism), capability (nation-state, organized crime, script kiddie), and targeting patterns. Attribution helps predict future attack patterns.