mommy Access Broker

Mommy, also known as “Miyako” or “Miya,” is an emerging and sophisticated cyber threat actor that has gained attention since 2024 due to their advanced cyber-espionage capabilities and active involvement in high-profile attacks. Operating within underground cybercrime markets, mommy specializes in providing illicit services, including access to compromised networks and the sale of sensitive data. Their activities indicate a focus on espionage, data exfiltration, and exploiting high-value targets, particularly government entities, telecommunications companies, and critical infrastructure providers.

The threat group has been observed selling unauthorized access to networks and systems, enabling other threat actors to opportunistically access compromised devices for further exploitation or to deploy malicious payloads. The access broker has targeted a range of industries, including government institutions in the United States, critical infrastructure providers, and telecommunications. With a particular focus on monetizing stolen access and information, the access broker is a part of a growing trend of “access-as-a-service” models, where cybercriminals commodify network access for profit. These activities point to the increasing commercialization of cybercrime, where stolen credentials and system vulnerabilities are sold to the highest bidder, often nation-state actors. Additionally, with a focus on maintaining anonymity and privacy in their operations, it is a significant challenge for cybersecurity efforts and makes them a formidable threat to organizations worldwide.