A Jordanian national pleaded guilty to selling network access and malware that disables endpoint detection tools, affecting numerous companies and linked to a ransomware attack. The case highlights the role of initial access brokers and the ongoing threat posed by the "r1z" cybercrime forum account. #CVE-2022-26134 #CobaltStrike
Keypoints
- Feras Albashiti sold access to at least 50 companies via a cybercrime forum.
- He provided malware capable of disabling multiple EDR solutions, which the FBI purchased for investigations.
- The same IP address used by Albashiti was linked to a ransomware attack causing $50 million in damages.
- The "r1z" account was known for offering exploits and illicit cybersecurity tools since 2022.
- Cybersecurity agencies consistently identified "r1z" as a credible threat actor targeting vulnerable systems.
Read More: https://therecord.media/guilty-plea-initial-access-broker-r1z