Hunting Down Initial Access Brokers with DARKBEAST

KELA’s Cyber Intelligence Center

Initial access brokers have taken the spotlight over the last year following their strong efforts – and success – of significantly facilitating network intrusions for ransomware affiliates and operators. These initial access brokers (“IAB”) continue to gain popularity as they become more active and popular in the cybercrime underground ecosystem. This blogpost will explore the different ways that users can leverage DARKBEAST to track and defeat initial access brokers before they cause harm.

The blogpost will explain how DARKBEAST can be used to:

1. Identify noteworthy initial access brokers’ listings with the click of a button.

2. Pivot to investigate initial access brokers or network access listings by utilizing complex queries, metadata searches and Boolean logic.

3. Subscribe to relevant queries in order to track new results over time and receive real-time notifications.

4. Identify Initial Access Brokers hindering threats behind images rather than in plaintext.

5. Leverage finished intelligence compiled by KELA’s experts to gain more contextualized insights about various brokers or listings.

6. Retrieve and analyze data about initial access brokers in your existing tools using the DARKBEAST API.