Jordanian Hacker Admits to Selling Access to 50 Corporate Networks

Jordanian Man Pleads Guilty to Operating as Access Broker for Cyberattacks

A man from Jordan, Feras Khalil Ahmad Albashiti, has admitted to acting as an “access broker,” selling access to the computer networks of over 50 companies. This illegal activity has serious implications for cybersecurity and highlights the ongoing threat of cybercrime.

The Justice Department’s Office of International Affairs secured Albashiti’s extradition from Georgia, where he resided and was apprehended, in July 2024. The 40-year-old, also known by various online aliases such as “r1z,” “Feras Bashiti,” and “Firas Bashiti,” has pleaded guilty to charges of fraud involving access credentials.

Albashiti is scheduled to be sentenced before U.S. District Judge Michael A. Shipp on May 11, 2026. The charges he faces carry a maximum penalty of 10 years in prison and a fine of up to $250,000, or double the gross gains or losses resulting from the offense, whichever is greater.

An investigation into an online forum selling malware and malicious code in May 2023 led law enforcement officers to identify Albashiti as the user behind the username “r1z.” His criminal activities were exposed when he mistakenly sold access to the networks of at least 50 victim companies to an undercover law enforcement officer in exchange for cryptocurrency on May 19, 2023.

The role of initial access brokers in the cybercrime ecosystem is crucial, as they provide other threat actors with the necessary credentials to breach networks and deploy malicious tools for various illegal activities like data theft, ransomware attacks, and espionage.

In a separate case, a Russian national recently pleaded guilty to acting as an initial access broker for ransomware affiliates targeting U.S. companies between July 2021 and November 2022. This highlights the global nature of cybercrime and the need for international cooperation in combating such threats.

Microsoft has also issued warnings about the abuse of endpoint detection and trusted Windows utilities by an initial access broker known as Storm-0249. This individual is using these tools to load malware and establish persistence on systems, potentially preparing for ransomware attacks.
