The Register

Broker who sold malware to the FBI set for sentencing

A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.

Feras Khalil Ahmad Albashiti, 40, admitted to facilitating cyberattacks on at least 50 companies stateside.

Albashiti was residing in Georgia at the time of his crimes, which were carried out in 2023. On May 19 of that year, while working under the alias r1z, he unwittingly sold an undercover FBI agent access to the businesses in exchange for cryptocurrency.

The agent spotted that Albashiti was advertising access to the companies, all of which used one of two firewall products. After the agent made the purchase, totaling $5,000, the IAB sent a list of IP addresses, usernames, and instructions on how to bypass the firewalls to gain access to the victims’ networks.

Building a larger case against the man, the undercover agent later gave Albashiti a further $15,000 in exchange for a copy of an effective EDR-disabling malware, and separately purchased malware for elevating user privileges.

During the process of the EDR killer purchase, the undercover agent asked Albashiti to demonstrate the malware worked by connecting to an FBI-controlled server. In doing so, Albashiti revealed his IP address, which also implicated him in a ransomware attack on an unnamed US manufacturer that led to $50 million in losses, according to court documents.

US State Department records helped law enforcement identify Albashiti. Prosecutors said the Jordanian national applied for a visa in 2016 using the same email address used to register the r1z account on the cybercrime forum he used to advertise his illicit wares.

The same email address was also connected to a Google Pay account, which in turn had various credit cards connected to it. The names associated with the Google email address, Google Pay account, and credit cards pointed to Albashiti as the man behind r1z.

Albashiti was extradited from Georgia in July 2024, and is scheduled for sentencing on May 11, 2026.

He faces a maximum prison sentence of ten years, plus a potential maximum fine of $250,000. ®
