A 40-year-old Jordanian national pleaded guilty Thursday to operating as an access broker, selling access to at least 50 victim company networks he broke into by exploiting two commercial firewall products in 2023, according to the Justice Department.Feras Khalil Ahmad Albashiti, who lived in the Republic of Georgia at the time, sold an undercover FBI agent unauthorized access to the victim networks on a cybercrime forum under the moniker “r1z” in May 2023, authorities said in court records.The undercover FBI agent continued communicating with Albashiti for the next five months, uncovering evidence of additional alleged crimes. He’s accused of selling malware that could turn off endpoint detection and response products from three different companies.Albashiti proved the malware worked when, unbeknownst to him, the FBI observed him use the EDR-killing malware on an FBI server the agency granted him access to as part of its investigation. The undercover agent purchased additional malware from Albashiti capable of elevating internal user privileges without authorization and a modified version of a commercially available pentesting tool, according to an affidavit filed in the U.S. District Court of New Jersey.Investigators discovered the IP address Albashiti used to access the FBI server was previously used to intrude government systems belonging to a U.S. territory and a ransomware attack against a U.S. manufacturing company in June 2023 that resulted in at least $50 million in losses.Authorities linked Albashiti to the “r1z” account on the cybercrime forum by tracing the Gmail address he used to establish the account in 2018 as the same email address Albashiti used to apply to the State Department for a visa to enter the United States in October 2016. The FBI said it obtained records for the cybercrime forum as part of an unrelated investigation.Albashiti was arrested in July 2024 and has been held in custody since then. He waived prosecution by indictment and pleaded guilty to trafficking unauthorized access devices and login credentials. Albashiti is scheduled to be sentenced in May and faces up to 10 years in prison and a fine of $250,000, which prosecutors said is double the amount of gains or losses resulting from his crimes.You can read the affidavit below.Albashiti-affidavit-12-2023DownloadThe post Jordanian national pleads guilty after unknowingly selling FBI agent access to 50 company networks appeared first on CyberScoop.