ALP-001 emerged around March 2026 as a Tor-based data leak site, marking a shift for an established Initial Access Broker (IAB) from selling network access to direct extortion. The group's primary motivation is financial gain through data exfiltration and public shaming on its dedicated leak site. What distinguishes ALP-001 is its background as an IAB. Some of its data leak claims are of questionable credibility and may involve information from misconfigured services or publicly available sources. The group has also publicly sought ransomware partners, which indicates an ability to broker access but a lack of in-house capabilities for large-scale ransomware deployment or sustained extortion operations.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.