
What is Access Acquisition?

Access Acquisition is a resource development technique in the MITRE F3 Framework. Fraud actors purchase or otherwise obtain existing access to accounts and infrastructure through underground markets and broker networks.

Arsen Team

Access Acquisition maps to the Resource Development tactic in the MITRE F3 Framework. Rather than breaching a system from scratch, fraud actors bypass the initial attack phase entirely by purchasing pre-existing access from underground brokers.

What forms does purchased access take?

| Access Type | Example |
|---|---|
| Compromised credentials | Online banking or payment account logins |
| MFA artifacts | OTP bypass tokens, session cookies |
| Administrative access | Merchant portal logins, back-office remote access |
| API keys and tokens | Programmatic access to financial services |
| Pre-installed tooling | "Loads", malware or bots already deployed on target systems |

Why do fraud actors prefer Access Acquisition?

Buying access eliminates the reconnaissance and initial intrusion phases, letting attackers focus immediately on high-value fraud: fund transfers, payroll manipulation, account takeover, or credential harvesting for third-party victims.

Attackers prioritise access to accounts with high transaction limits, weak monitoring, or privileged roles. Service providers, fintechs, and BPOs are particularly targeted because a single access point can reach multiple downstream victims through trusted business relationships.

Phishing for Information, vishing, and insider bribery are primary sources of the credentials sold on underground markets. Organisations that do not train employees against social engineering directly feed the Access Acquisition economy.

Key takeaways

  • Access Acquisition maps to Resource Development in MITRE F3.
  • Fraud actors buy credentials, session cookies, API keys, and remote access tooling from broker networks.
  • This technique skips early attack phases, accelerating time-to-fraud.
  • High-limit accounts, privileged roles, and payment processors are the most targeted.
  • Social engineering (phishing, vishing, insider threats) is the primary upstream source of sold access.

What is MITRE Fight Fraud Framework™ (F3)?

The MITRE Fight Fraud Framework (F3) is a curated knowledge base of tactics, techniques, and sub-techniques used by fraud actors in cyber-based financial fraud incidents. Developed by MITRE's Center for Threat-Informed Defense in collaboration with FS-ISAC, JPMorganChase, and Lloyds Banking Group, it provides a common language for fraud-fusion teams to describe, detect, and prevent financial fraud. F3 is modeled after MITRE ATT&CK® and focuses on banking institutions as its initial scope.


Frequently Asked Questions

Access Acquisition is a Resource Development technique describing fraud actors purchasing or stealing existing access (credentials, session cookies, API keys, or pre-installed tools) from underground markets instead of gaining entry themselves.

Banks, fintechs, and payment processors are high-value targets because a single purchased credential can unlock large transaction limits, customer data, or access to downstream partner systems.

Credentials and access artifacts sold in underground markets are often originally obtained through phishing, vishing, or insider bribery — making employee awareness training a direct upstream defence.

Short-lived session tokens, hardware MFA, privileged access management (PAM), and continuous anomaly detection on authentication events all reduce the utility of purchased credentials.
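As an added illustration (not Arsen's or MITRE's code), the sketch below applies two of the controls above to authentication events: it flags a session token that reappears from a different network and device than the one it was issued to, and a token still accepted past its maximum age. The event fields, the 30-minute limit, and the sample log are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Assumed policy value for "short-lived" sessions; tune to your environment.
MAX_SESSION_AGE = timedelta(minutes=30)

# Constructed sample events: (timestamp, session_id, user, asn, device_fingerprint).
# ASNs come from the range reserved for documentation.
EVENTS = [
    ("2024-05-01T09:00:00", "s-1001", "alice", "AS64500", "fp-a1"),
    ("2024-05-01T09:05:00", "s-2002", "bob", "AS64501", "fp-b2"),
    ("2024-05-01T09:10:00", "s-1001", "alice", "AS64500", "fp-a1"),
    # Same token, new network and new device: consistent with a resold cookie.
    ("2024-05-01T09:12:00", "s-1001", "alice", "AS64511", "fp-z9"),
    # Same context, but the token is 55 minutes old and still being accepted.
    ("2024-05-01T10:00:00", "s-2002", "bob", "AS64501", "fp-b2"),
]


def find_suspect_sessions(events, max_age=MAX_SESSION_AGE):
    """Return {session_id: [reasons]} for sessions that look reused or over-age."""
    issued = {}    # session_id -> (issue time, asn, fingerprint) from first sighting
    findings = {}  # session_id -> set of reason strings
    for ts, sid, _user, asn, fp in sorted(events):  # ISO timestamps sort by time
        seen_at = datetime.fromisoformat(ts)
        if sid not in issued:
            issued[sid] = (seen_at, asn, fp)
            continue
        issued_at, asn0, fp0 = issued[sid]
        reasons = findings.setdefault(sid, set())
        # Require both network and device to change, so a roaming user whose
        # device stays the same does not trigger (an assumption of this sketch).
        if asn != asn0 and fp != fp0:
            reasons.add("context_change")
        if seen_at - issued_at > max_age:
            reasons.add("expired_token_accepted")
    return {sid: sorted(r) for sid, r in findings.items() if r}


if __name__ == "__main__":
    for sid, reasons in find_suspect_sessions(EVENTS).items():
        print(sid, reasons)
```

A `context_change` hit is a candidate for forced re-authentication with hardware MFA; an `expired_token_accepted` hit points at a session-lifetime policy that is not being enforced server-side.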
