A Jordanian man has pleaded guilty to operating as an "access broker" who sold access to the computer networks of at least 50 companies.

The Justice Department's Office of International Affairs secured Albashiti's extradition from Georgia (where he lived and was arrested) in July 2024.

40-year-old Feras Khalil Ahmad Albashiti (also known online as "r1z," "Feras Bashiti" and "Firas Bashiti") has entered a guilty plea to charges of fraud involving access credentials. Albashiti's sentencing before U.S. District Judge Michael A. Shipp is scheduled for May 11, 2026.

The charges carry a maximum penalty of 10 years in prison and a fine of up to $250,000, or twice the gross gains or losses resulting from the offense, whichever is greater.

According to court documents, law enforcement officers investigating an online forum selling malware and malicious code in May 2023 identified Albashiti as the user behind the username "r1z."

He was charged after making the mistake of selling access to at least 50 victim companies' networks to an undercover law enforcement officer in exchange for cryptocurrency on May 19, 2023.

Initial access brokers have become critical middlemen in the cybercrime ecosystem, providing other threat actors with the credentials needed to breach victims' networks and drop malicious tools to steal data, deploy ransomware, or conduct espionage.

In November, a Russian national also pleaded guilty to acting as an initial access broker for Yanluowang ransomware affiliates that targeted at least eight U.S. companies between July 2021 and November 2022.

More recently, Microsoft warned that an initial access broker (tracked as Storm-0249) is abusing endpoint detection and trusted Microsoft Windows utilities to load malware and establish persistence on targets' systems in preparation for ransomware attacks.