
"On May 19 of that year, while working under the alias r1z, he unwittingly sold an undercover FBI agent access to the businesses in exchange for cryptocurrency. The agent spotted that Albashiti was advertising access to the companies that all used one of two firewall products. After making the purchase totaling $5,000, the IAB sent a list of IP addresses, usernames, and instructions on how to bypass the firewalls to gain access to the victims' networks."
"the undercover agent later gave Albashiti a further $15,000 in exchange for a copy of an effective EDR-disabling malware, and separately purchased malware for elevating user privileges. During the process of the EDR killer purchase, the undercover agent asked Albashiti to demonstrate the malware worked by connecting to an FBI-controlled server. In doing so, Albashiti revealed his IP address, which also implicated him in a ransomware attack on an unnamed US manufacturer that led to $50 million in losses, according to court documents."
Feras Khalil Ahmad Albashiti, 40, admitted to functioning as an initial access broker who facilitated cyberattacks on at least 50 U.S. companies during 2023. Operating under the alias r1z, he sold network access and provided IP addresses, usernames, and firewall-bypass instructions after receiving cryptocurrency payments. An undercover FBI agent purchased initial access for $5,000 and later paid $15,000 for EDR-disabling malware and additional malware for privilege escalation. During a demonstration connection, Albashiti exposed his IP address, linking him to a ransomware incident that caused $50 million in losses. He was identified via visa and payment records, extradited in July 2024, and faces sentencing on May 11, 2026.
Read at The Register