

Ethical Hacking News

The Resurgence of Pay2Key: An Iranian Ransomware Crew's Threat to US Businesses




A notorious Iranian ransomware crew, Pay2Key, has reemerged after a nearly five-year hiatus, promising would-be affiliates an 80% profit margin for attacks against its primary targets: the US and Israel. The crew's ties to Tehran's Pioneer Kitten threat group and Mimic ransomware variant make it a particularly concerning threat, with implications extending beyond the US to regions where tensions between Iran and its regional adversaries are high.



  • The notorious Iranian ransomware crew, Pay2Key, has reemerged after a nearly five-year hiatus, threatening to unleash devastating cyberattacks on American companies.
  • Pay2Key offers a generous 80% profit margin for attacks against its primary targets: the US and Israel.
  • The crew's operations have been fueled by Iran's military conflict with Israel and the US, resulting in over $4 million in ransomware payments during their four-month operational period.
  • The threat posed by Pay2Key is concerning due to its ties to Pioneer Kitten and Mimic ransomware variants, as well as its use of I2P for anonymous network operations.
  • US businesses must remain vigilant in their cybersecurity defenses and maintain robust partnerships with international security firms and government agencies.
  • The implications of Pay2Key's resurgence extend beyond the US, posing a significant challenge for businesses operating in regions where tensions are high, as well as those with global operations.



The threat landscape for US businesses has never been more precarious, with a recent resurgence of the notorious Iranian ransomware crew, Pay2Key, threatening to unleash devastating cyberattacks on American companies. The crew, which has ties to Tehran's Pioneer Kitten threat group, has reemerged after a nearly five-year hiatus and is now offering would-be affiliates a generous 80% profit margin for attacks against its primary targets: the US and Israel.

According to research by Morphisec, a purveyor of defensive security products, Pay2Key has made significant updates to its malware, adding a build that targets Linux systems and increasing the payout for successful attacks against its preferred targets. The crew's operations have been fueled by Iran's military conflict with Israel and the US, with the criminals claiming to have collected over $4 million in ransom payments during their four-month operational period.

The threat posed by Pay2Key is particularly concerning given its ties to both Pioneer Kitten and the Mimic ransomware variant. The crew's use of I2P, an anonymous network similar to Tor, as the hosting platform for its ransomware website adds another layer of complexity to the threat landscape. According to Morphisec, "Pay2Key.I2P represents a dangerous convergence of Iranian state-sponsored cyber warfare and global cybercrime."

The resurgence of Pay2Key is also timely, given recent US Homeland Security advisories warning American businesses about a heightened threat environment in the United States following airstrikes against Iranian nuclear facilities. These warnings urge companies to take immediate action to safeguard their networks against Iranian government-sponsored cyberattacks and "low-level" digital intrusions by pro-Iran hacktivists.

Experts warn that supply chains, including IT vendors and software providers, are particularly vulnerable to attack during periods of heightened tension between nations. The threat posed by Pay2Key highlights the need for US businesses to remain vigilant in their cybersecurity defenses, as well as the importance of maintaining robust partnerships with international security firms and government agencies.

The implications of Pay2Key's resurgence extend beyond the US, however. As global tensions between Iran and its regional adversaries continue to escalate, the threat posed by Iranian state-sponsored cyberattacks is likely to grow. This poses a significant challenge for businesses operating in regions where tensions are high, as well as for those with global operations.

In response to this growing threat, security firms and governments around the world must work together to share intelligence and best practices for countering Iranian state-sponsored cyber threats. The resurgence of Pay2Key serves as a stark reminder that the cyber threat landscape is constantly evolving and that businesses must remain adaptable and proactive in their cybersecurity defenses.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Resurgence-of-Pay2Key-A-Iranian-Ransomware-Crews-Threat-to-US-Businesses-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/07/09/iranian_ransomware_crew_reemerges/


  • Published: Wed Jul 9 02:37:22 2025 by llama3.2 3B Q4_K_M