Redazione RHC : 20 August 2025 19:31
An Initial Access Broker is selling access to Nike USA servers on a popular underground forum.
A recent post on a dark web forum has raised new concerns about the security of large international companies. An Initial Access Broker (IAB), an actor specializing in compromising and reselling access to corporate networks, claimed to have valid credentials or entry points to Nike USA’s systems or those of a third-party vendor.
Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper disclosure, or illicit use of such data. At this time, it is not possible to independently verify the authenticity of the reported information, as the organization involved has not yet released an official statement on its website. Accordingly, this article should be considered for informational and intelligence purposes only.
Initial Access Brokers are a central figure in the cybercrime ecosystem. Their activity consists of compromising companies’ IT infrastructures—through phishing, vulnerability exploits, stolen credentials, or brute force attacks—and then reselling these accesses on the dark web.
The buyers may be ransomware groups, criminals interested in stealing sensitive data, or actors who exploit these entry points to move laterally within networks and launch targeted attacks.
In effect, IABs lower the barrier to entry for cybercrime: anyone with the financial resources to purchase initial access can bypass the most complex phase of an attack, accelerating the compromise of the target.
The message was posted by a user with the username NetworkBrokers, who enjoys high status (“GOD”) on the forum and boasts a positive reputation.
In the post, dated August 25, 2025, at 3:55 AM, the user writes:
> “Hi,
We are selling Initial Access to Nike USA.”
The very concise text is accompanied by the official logo of the US multinational. No technical details about the access being offered (such as type, privilege level, access method, or asking price) are disclosed. However, the mere announcement is enough to attract the attention of malicious actors looking for new attack opportunities.
It is unclear whether the access offered directly involves Nike USA’s systems or whether it is tied to a third-party vendor working with the company. In both cases, the potential impact is significant: in the first scenario, the attack would directly hit the organization, while in the second it could generate a domino effect typical of supply chain attacks, which exploit ties with less protected external partners to penetrate high-profile infrastructures.
The appearance of such an announcement once again confirms how major global brands are constantly in the crosshairs of cybercrime and how the supply chain of suppliers and partners can represent a weak link in the defense.
If confirmed, the access offered for sale could be exploited by cyber gangs for future ransomware or data breach campaigns. exfiltration.
Redazione