What are initial access brokers?
An initial access broker (IAB) is a cybercriminal whose primary role is, well, gaining initial access to networks. Once they have access, IABs don't typically concern themselves with what happens next.
They'll steal credentials, compromise VPN sessions, steal remote desktop protocol (RDP) login information, deploy web shells, capture cloud access credentials, and then sell whatever they find to the highest bidder on dark web forums and marketplaces. Since their business is access, they usually provide detailed documentation on who that access leads to: the size of the company, its industry, estimated revenue, the level of access stolen, and so on. Buyers can "shop" for access on cybercrime forums, combing through access broker listings like a catalog.