Jordanian hacker admits selling access to 50 corporate networks

Summary
– Feras Khalil Ahmad Albashiti, a Jordanian man, pleaded guilty to fraud for selling access to the computer networks of at least 50 companies.
– He was extradited from Georgia to the U.S. in July 2024 and is scheduled for sentencing in May 2026, facing up to 10 years in prison.
– Albashiti was identified and charged after selling network access to an undercover law enforcement officer for cryptocurrency in May 2023.
– Initial access brokers like Albashiti are critical middlemen in cybercrime, providing credentials for others to breach networks and deploy ransomware or steal data.
– This case follows other similar prosecutions, and Microsoft has warned that such brokers are actively abusing trusted Windows utilities to enable ransomware attacks.

A Jordanian national has admitted to federal charges for his role as a cybercriminal middleman, selling illicit entry points into the networks of dozens of corporations. This guilty plea underscores the persistent threat posed by initial access brokers, who act as critical enablers for more damaging ransomware and data theft campaigns by providing other hackers with the keys to corporate digital fortresses.
The defendant, 40-year-old Feras Khalil Ahmad Albashiti, operated online under aliases including “r1z.” His activities came to an end after a significant misstep: in May 2023, he negotiated the sale of network access for at least 50 victim companies to an individual who was actually an undercover law enforcement officer. The transaction was conducted using cryptocurrency. Investigators had already identified Albashiti as the user “r1z” on a forum dedicated to selling malware and malicious code.
Following his arrest, Albashiti was extradited from Georgia, where he resided, to the United States in July 2024 with assistance from the Justice Department’s Office of International Affairs. He has now pleaded guilty to charges of fraud in connection with access credentials. U.S. District Judge Michael A. Shipp is scheduled to sentence him on May 11, 2026. The charges carry a potential maximum penalty of ten years in federal prison and a fine of up to $250,000, or twice the gross financial gains or losses from the criminal scheme.
This case highlights the lucrative and dangerous niche these brokers occupy in the digital underground. By compromising corporate networks, often through stolen credentials or exploiting vulnerabilities, they create a ready-made entry point for other threat groups. These follow-on attackers then deploy tools to steal sensitive data, install ransomware to extort payments, or conduct espionage. The business model is straightforward: lower-level criminals perform the initial breach and then sell that access to more sophisticated or specialized hacking teams.
Albashiti’s prosecution is part of a broader pattern. Just last November, a Russian national pleaded guilty to acting as an initial access broker for affiliates of the Yanluowang ransomware operation, which targeted at least eight American companies. The cybersecurity landscape continues to see active threats from these actors. In a recent advisory, Microsoft warned about a broker tracked as Storm-0249, which is actively abusing trusted Windows utilities and endpoint detection tools to stealthily load malware and maintain a foothold on systems, laying the groundwork for subsequent ransomware attacks.
(Source: Bleeping Computer)