Network access is the key to both private and organizational systems, and to the information stored upon them. Some of this information is of significant value, and so Initial Access Brokers (IABs) have taken up residence on dark web forums, selling network access to the highest bidders.
These forums, digital bazaars of an endless supply of compromised networks, place unauthorized access directly into the hands of those who most want it. Whether it’s a professional threat actor wanting to skip the early-stage hassle of mapping out an Initial Access Vector (IAV), or a newcomer lacking the technical skills to clear the first hurdle, a network of websites is on hand to give them what they need.
Brokers use a variety of tactics to gain a foothold in a network before offering it up for sale. System vulnerabilities, phishing, social engineering, or malware may be used to obtain initial access. Pricing may be at least partially based on the time or complexity involved in gaining access. Low-hanging fruit is ideal for an IAB operation: weak or absent multi-factor authentication (MFA), exposed and vulnerable devices, reused passwords, anything that gets access compromised so a broker can move on to their next target.