THREATNOIR
Subscribe
Back to Feed
Threat IntelligenceApr 29, 2026

⚠️ A Russian-speaking threat actor group is recruiting an Initial Access Broker (IAB) to supply c...

Russian-speaking threat actor recruits IAB for corporate network access without ransomware deployment.

Read at source

Summary

A Russian-speaking threat actor group is actively recruiting an Initial Access Broker (IAB) to provide ongoing corporate network access for data exfiltration and extortion campaigns. The group operates under a 'by date, without a locker' model, meaning they steal and extort data from victims without deploying ransomware. This represents a shift toward pure extortion-focused attacks rather than traditional ransomware deployment.

Indicators of Compromise

  • malware — without a locker

Entities

Russian-speaking threat actor group (threat_actor)IAB recruitment campaign (campaign)