Don’t let overlooked obligations become incidents. Learn how.
Utility navigation bar redirect icon
Portal LoginSupportContact
Search
Close search
Huntress Logo in Teal
  • Platform Overview
    Managed EDR

    Get full endpoint visibility, detection, and response.

    Managed EDR

    Get full endpoint visibility, detection, and response.

    Managed ITDR

    Protect your Microsoft 365 identities and email environments.

    Managed ITDR

    Protect your Microsoft 365 identities and email environments.

    Managed SIEM

    Managed threat response and robust compliance support at a predictable price.

    Managed SIEM

    Managed threat response and robust compliance support at a predictable price.

    Managed Security Awareness Training

    Empower your teams with science-backed security awareness training.

    Managed Security Awareness Training

    Empower your teams with science-backed security awareness training.

    Managed ISPM

    Continuous Microsoft 365 and identity hardening, managed and enforced by Huntress experts.

    Managed ISPM

    Continuous Microsoft 365 and identity hardening, managed and enforced by Huntress experts.

    Managed ESPM

    Proactively secure endpoints against attacks.

    Managed ESPM

    Proactively secure endpoints against attacks.

    Integrations
    Integrations
    Support Documentation
    Support Documentation
    See Huntress in Action

    Quickly deploy and manage real-time protection for endpoints, email, and employees - all from a single dashboard.

    Huntress Cybersecurity
    See Huntress in Action

    Quickly deploy and manage real-time protection for endpoints, email, and employees - all from a single dashboard.

    Huntress Cybersecurity
  • Threats We Stop
    Phishing
    Phishing
    Business Email Compromise
    Business Email Compromise
    Ransomware
    Ransomware
    Infostealers
    Infostealers
    View Allright arrowView Allright arrow
    Industries We Serve
    Education
    Education
    Financial Services
    Financial Services
    State and Local Government
    State and Local Government
    Healthcare
    Healthcare
    Law Firms
    Law Firms
    Manufacturing
    Manufacturing
    Utilities
    Utilities
    View Allright arrowView Allright arrow
    Tailored Solutions
    MSPs
    MSPs
    Resellers
    Resellers
    SMBs
    SMBs
    Compliance
    Compliance
    What Gets Overlooked Gets Exploited

    Most days, nothing happens. But one day, something will.

    Huntress Cybersecurity
    Cybercriminals Have Evolved

    Get the intel on today’s cybercriminal groups and learn how to protect yourself.

    Huntress Cybersecurity
  • Pricing
  • Community Series
    The Product Lab

    Shape the next big thing in cybersecurity together.

    The Product Lab

    Shape the next big thing in cybersecurity together.

    Fireside Chat

    Real people. Real perspectives. Better conversations.

    Fireside Chat

    Real people. Real perspectives. Better conversations.

    Tradecraft Tuesday

    No products, no pitches – just tradecraft.

    Tradecraft Tuesday

    No products, no pitches – just tradecraft.

    _declassified

    Exposing hidden truths in the world of cybersecurity.

    _declassified

    Exposing hidden truths in the world of cybersecurity.

    Resources
    Upcoming Events
    Upcoming Events
    Ebooks
    Ebooks
    On-Demand Webinars
    On-Demand Webinars
    Videos
    Videos
    Whitepapers
    Whitepapers
    Datasheets
    Datasheets
    Cybersecurity Education
    Cybersecurity 101
    Cybersecurity 101
    Cybersecurity Guides
    Cybersecurity Guides
    Threat Library
    Threat Library
    Real Tradecraft, Real Results
    Real Tradecraft, Real Results
    2026 Cyber Threat Report
    2026 Cyber Threat Report
    The Huntress Blog
    Huntress Lands on the Microsoft Marketplace
    Huntress Cybersecurity
    Huntress Lands on the Microsoft Marketplace
    Huntress Cybersecurity
    How Huntress & DEFCERT Are Streamlining CMMC Assessment Prep
    Huntress Cybersecurity
    How Huntress & DEFCERT Are Streamlining CMMC Assessment Prep
    Huntress Cybersecurity
    Live Hacking Into Microsoft 365 with Kyle Hanslovan
    Huntress Cybersecurity
    Live Hacking Into Microsoft 365 with Kyle Hanslovan
    Huntress Cybersecurity
  • Why Huntress

    Go beyond AI in the fight against today’s hackers with Huntress Managed EDR purpose-built for your needs

    Huntress Cybersecurity
    Why Huntress

    Go beyond AI in the fight against today’s hackers with Huntress Managed EDR purpose-built for your needs

    Huntress Cybersecurity
    The Huntress SOC

    24/7 Security Operations Center

    The Huntress SOC

    24/7 Security Operations Center

    Reviews

    Why businesses of all sizes trust Huntress to defend their assets

    Reviews

    Why businesses of all sizes trust Huntress to defend their assets

    Case Studies

    Learn directly from our partners how Huntress has helped them

    Case Studies

    Learn directly from our partners how Huntress has helped them

    Community

    Get in touch with the Huntress Community team

    Community

    Get in touch with the Huntress Community team

    Compare Huntress
    Bitdefender
    Bitdefender
    Blackpoint
    Blackpoint
    Breach Secure Now!
    Breach Secure Now!
    Crowdstrike
    Crowdstrike
    Datto
    Datto
    SentinelOne
    SentinelOne
    Sophos
    Sophos
    Compare Allright arrowCompare Allright arrow
  • HUNTRESS HUB

    Login to access top-notch marketing resources, tools, and training.

    Huntress Cybersecurity
    HUNTRESS HUB

    Login to access top-notch marketing resources, tools, and training.

    Huntress Cybersecurity
    Partners
    MSPs

    Join our partner community to deliver expert-led managed security.

    MSPs

    Join our partner community to deliver expert-led managed security.

    Resellers

    Partner program designed to grow your cybersecurity business.

    Resellers

    Partner program designed to grow your cybersecurity business.

    Tech Alliances

    Driving innovation through global technology Partnerships

    Tech Alliances

    Driving innovation through global technology Partnerships

    Microsoft Partnership

    A Level-Up for Your Business Security

    Microsoft Partnership

    A Level-Up for Your Business Security

  • Press Release
    Huntress Announces Collaboration with Microsoft to Strengthen Cybersecurity for Businesses of All Sizes
    Huntress Cybersecurity
    Press Release
    Huntress Announces Collaboration with Microsoft to Strengthen Cybersecurity for Businesses of All Sizes
    Huntress Cybersecurity
    Our Story

    We're on a mission to shatter the barriers to enterprise-level security.

    Our Story

    We're on a mission to shatter the barriers to enterprise-level security.

    Newsroom

    Explore press releases, news articles, media interviews and more.

    Newsroom

    Explore press releases, news articles, media interviews and more.

    Meet the Team

    Founded by former NSA Cyber Operators. Backed by security researchers.

    Meet the Team

    Founded by former NSA Cyber Operators. Backed by security researchers.

    Careers

    Ready to shake up the cybersecurity world? Join the hunt.

    Careers

    Ready to shake up the cybersecurity world? Join the hunt.

    Awards
    Awards
    Contact Us
    Contact Us
  • Portal Login
  • Support
  • Contact
  • Search
  • Get a Demo
  • Start for Free
Portal LoginSupportContact
Search
Close search
Get a Demo
Start for Free
HomeBlog
Threat Advisory: Hackers Are Selling Access to MSPs
Published:
July 28, 2022

Threat Advisory: Hackers Are Selling Access to MSPs

By:
Harlan Carvey
Share icon
Glitch effectGlitch effectGlitch effect

Our CEO, Kyle, recently received the ad below, found on an online forum frequented by cybercriminals.

online forum frequented by cybercriminals

The body of the ad, translated into English, reads:

Looking for a Partner for MSP processing.
I have access to the MSP panel of 50+ companies. Over 100 ESXi, 1000+ servers.
All companies are American and approximately in the same time zone. I want to work qualitatively, but I do not have enough people.
In terms of preparation, only little things are left, so my profit share will be high.
Please send me a message for more details and suggestions.

Around the same time, Kyle was getting access to information about the ad, @Intel_by_KELA posted this Tweet:

Spotted: Initial Access Brokers using "ransomware insurance" as an important metric for their buyers, in addition to revenue, sector, access type and level of privileges.

Spotted: Initial Access Brokers using "ransomware insurance" as an important metric for their buyers, in addition to revenue, sector, access type and level of privileges. pic.twitter.com/ahu3SQqbvG

— KELA (@Intel_by_KELA) July 26, 2022

In the Tweet above, the image on the right is the contents of the image on the left, translated into English, and reads:

Sale RDP admin access for UK companies.
$5m+ revenue
Company has ransomware insurance.
Pm if interested

Both of these images illustrate a concerning and not-often-discussed trend of specialization in cyberattacks, specifically as it applies to initial access brokers (IABs).

Both ads illustrate that someone (a hacker) has gained access to an organization, unbeknownst to that organization, for the express purpose of offering that access for sale to other parties.

While the Tweet illustrates the various metrics offered up to buyers (access method and privileges, geographic location, revenue, insurance coverage, etc.), the image from the forum is perhaps more alarming, as it illustrates access to a managed service provider (MSP), who then has access to 50 or more customers.

It wasn’t so long ago that the entire lifecycle of a cyberattack was seemingly handled by one individual or group. In the spring of 2016, the group responsible for deploying the Samas ransomware was observed using the same exploit to gain access to multiple organizations—and following similar timing across those organizations regarding establishing a foothold, reconnaissance, identification of critical assets and deployment of ransomware. Something similar was observed regarding the Ryuk ransomware threat actor from September 2018 through the spring of 2019.

However, what the above images illustrate is specialization at the various stages of an attack—in particular, initial access.

IABs are threat actors whose goal is to gain access to organizations, and then monetize that access by offering it for sale. This allows for that specialization and isolation of skill sets (the hacker only needs to gain and maintain access), but also has the additional benefit of the payment being addressed offline, out of view of law enforcement.

Ransomware attacks are necessarily “public” in nature, in that some means must be provided to the impacted organization to make payment. By providing a cryptocurrency wallet, some information regarding the hacker’s infrastructure is exposed to law enforcement, who has developed significant skills in following such leads. However, by isolating the skill sets and phases of the attack cycle, IABs can receive payment for access to compromised organizations out of view of law enforcement.

MSPs remain an attractive supply chain target for attackers, particularly IABs.

On May 11, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) issued a warning for MSPs and their customers, stressing that MSPs in multiple countries (including the United Kingdom, Australia, Canada and New Zealand) were likely being targeted because of their own access to their customer base. 

What You Can Do

Here are some steps that MSPs can take to protect themselves and their customers:

  • Basic cyber hygiene, such as patching systems, implementing MFA, network segmentation, implementation of “least privilege,” etc.
  • Maintain an accurate asset inventory, not just of physical systems but also of running services, user accounts, etc.
  • Reduce your attack surface—as part of your asset inventory, reduce your exposure by limiting what’s accessible 
  • Monitor your inventory and network for suspicious activity, with an eye toward detection and response
  • Maintain and verify offline backups
Categories
Response to Incidents
Summarize this postClose Speech Bubble
ChatGPTClaudePerplexityGoogle AI

See Huntress in action

Our platform combines a suite of powerful managed detection and response tools for endpoints and Microsoft 365 identities, science-backed security awareness training, and the expertise of our 24/7 Security Operations Center (SOC).

Book a Demo
Share
Facebook iconTwitter X iconLinkedin iconDownload icon
Glitch effect

You Might Also Like

  • Enhancing Cybersecurity for MSPs in Australia and New Zealand

    Read expert tips about how MSPs in Australia and New Zealand can elevate their cybersecurity offerings and have better sales conversations with customers.

  • Huntress Snags Over 40 Leader Badges in G2 Spring 2024 Reports

    Huntress receives huge honors in latest G2 Spring 2024 Reports, earning 42 leader badges.

  • Brute Force or Something More? Ransomware Initial Access Brokers Exposed

    Discover how a seemingly simple brute force attack led to the uncovering of a suspected ransomware-as-a-service operation. This ecosystem appears to be leveraged by initial access brokers, driving an illicit and complex network of cybercrime.

  • Threat Advisory: Hackers Are Exploiting CVE-2021-40444

    Huntress is monitoring a new threat against Windows OS and Microsoft Office products (CVE-2021-40444). The MSHTML engine is vulnerable to arbitrary code execution.

  • How One Criminal Tried to Sell an MSP on the Dark Web

    In a rare encounter, we found ourselves directly interacting with a cybercriminal that took us down a dark web rabbit hole.

  • The Health Sector is Under Attack. But You Can Fight Back.

    Healthcare organizations are facing cyber threats at an alarming rate, and as the U.S. Department of Health and Human Services (HHS) introduces new measures for cybersecurity, it’s also time for small- and mid-sized organizations to be proactive in their defense.

  • New 0-Day Vulnerabilities Found in Microsoft Exchange

    The Huntress team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers, piggybacking on ProxyShell and ProxyLogon.

  • Huntress Recognized with 44 New G2 Leader Badges for Summer 2024

    Huntress Managed EDR was featured in 50 unique G2 reports, earning over 44 Leader badges. Learn why we’re retaining our #1 rank for the 9th quarter in a row.

Sign Up for Huntress Updates

Get insider access to Huntress tradecraft, killer events, and the freshest blog updates.
Privacy • Terms
By submitting this form, you accept our Terms of Service & Privacy Policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Huntress Managed Security PlatformManaged EDRManaged EDR for macOSManaged EDR for LinuxManaged ITDRManaged SIEMManaged Security Awareness TrainingManaged ISPMManaged ESPMBook a Demo
PhishingComplianceBusiness Email CompromiseEducationFinanceHealthcareManufacturingState & Local Government
Managed Service ProvidersResellersIT & Security Teams24/7 SOCCase Studies
BlogResource CenterCybersecurity 101Upcoming EventsSupport Documentation
Our CompanyLeadershipNews & PressCareersContact Us
Huntress white logo

Protecting 215k+ customers like you with enterprise-grade protection.

Privacy PolicyCookie PolicyTerms of UseCookie Consent
Linkedin iconTwitter X iconYouTube iconInstagram icon
© 2025 Huntress All Rights Reserved.

Join the Hunt

Get insider access to Huntress tradecraft, killer events, and the freshest blog updates.

By submitting this form, you accept our Terms of Service & Privacy Policy