New Report From Flare Highlights Pervasive Threat of Initial Access Brokers in NATO Countries

February 7, 2024



Montreal, Quebec, Canada – February 6, 2024 – Flare, the leading Continuous Threat Exposure Management (CTEM) solution provider, has released a new report that explores and analyzes the cyber threat landscape and threats to NATO countries created by initial access brokers (IABs) on Russian-language hacking forums.

IABs are key players in the cybercrime landscape. They infiltrate systems and gain unauthorized access through various techniques, including spear-phishing, exploiting unpatched vulnerabilities, and leveraging leaked and stolen credentials, with the primary goal of establishing persistence in these environments.

For this report, Flare analyzed hundreds of IAB posts on Russian-language hacking forums and discovered recent activity in 21 of the 31 NATO countries, confirming the extensive reach and consistent potential threat IABs pose to national security and economic stability.

One of the key findings of the report is the threat actors' preference for targeting critical infrastructure sectors in NATO member states; the strategic value of these targets allows IABs to demand higher prices in the cybercrime market. The report also highlights the anonymized nature of IAB posts and the careful efforts of threat actors to conceal sensitive details, which make it difficult to identify victims.

The analysis indicates a clear trend toward targeted cyberattacks on the US defense sector, and a higher price point for access to US defense contractors. This reflects the high value of these targets and suggests that threat actors recognize the significant impact of infiltrating defense-related systems. 

"Geopolitics are no longer isolated from cybercrime," said Eric Clay, VP Marketing at Flare. "As global tensions have increased we’ve seen a spillover where nation-states may directly leverage cybercrime groups to further their aims."

To better understand the IAB threat landscape targeting entities in NATO member states, Flare presents a snapshot of recent IAB sales from the Exploit forum in the report. These sales, involving entities in 21 NATO countries and primarily from the years 2023 and 2024, represent just a small sample of the multitude of IAB listings. 

To explore this research and the significant impact of IABs gaining unauthorized access to the sensitive information of NATO member states, please read the full report at

About Flare

Flare provides the Continuous Threat Exposure Management (CTEM) solution for organizations. Our AI-driven technology constantly scans the online world, including the clear & dark web, to discover unknown events, automatically prioritize risks, and deliver actionable intelligence you can use instantly to improve security. Our solution integrates into your security program in 30 minutes to provide your team with actionable intelligence and automated remediation for threats across the clear & dark web. Flare is headquartered in Montreal, Quebec, Canada. For more information, visit
