Initial access brokers breach as many organizations as they can, but instead of using that access to steal data or cause disruption themselves, they sell access to other threat actors, including ransomware operators and nation-state groups.

Digital Shadows has been monitoring initial access brokers for years, but the company says the coronavirus pandemic that hit the world in 2020 boosted their popularity. On many major cybercrime forums, these types of services are now more prominently displayed compared to previous years.