Iran-backed Pay2key ransomware resurfaces

By user, July 11, 2025

An Iran-backed ransomware-as-a-service (RaaS) operation named Pay2Key has resurfaced in the wake of last month's Israel-Iran-US conflict, offering bigger payouts to cybercriminals launching attacks against Israel and the US.

The financially motivated scheme, currently operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm).

“It links to the infamous Fox Kitten APT group and is closely tied to the well-known Mimic ransomware. […] Pay2Key.I2P appears to be affiliated with or built on Mimic’s capabilities,” said Ilia Kulmin, security researcher at Morphisec.

“Officially, the group offers an 80% profit share (up from 70%) to Iranian-backed affiliates or those who participate in attacks against Iran’s enemies, demonstrating ideological commitment.”

Last year, the US government revealed that the advanced persistent threat (APT) group had carried out ransomware attacks by secretly partnering with NoEscape, RansomHouse and BlackCat (also known as ALPHV).

The use of Pay2Key by Iranian threat actors dates back to October 2020, when it targeted Israeli companies by exploiting known security vulnerabilities.

According to Morphisec, Pay2Key.I2P appeared on the scene in February 2025 and has collected more than 51 successful ransom payments in four months, earning more than $4 million in ransom payments and $100,000 for individual operators.

Their financial motivations are clear and undeniably effective, but there is also a fundamental ideological agenda behind them: the campaign looks like an example of cyber warfare unfolding against Israeli and US targets.

A notable aspect of the latest variant of Pay2Key.I2P is that it is the first known RaaS platform hosted on the Invisible Internet Project (I2P).

“While some malware families use I2P for [command-and-control] communication, this is a step further: a ransomware-as-a-service operation that runs its infrastructure directly on I2P,” Swiss cybersecurity company Prodaft said in a March 2025 post shared on X. The post was then reshared by Pay2Key.I2P’s own X account.

Pay2Key.I2P has also been observed to mark a shift in RaaS operations, with posts on a Russian darknet forum offering the ransomware binaries to anyone in exchange for a $20,000 payment for each successful attack. The post was created on February 20, 2025 by a user named “IsReactive.”

“Unlike traditional ransomware-as-a-service (RaaS) models, where developers take a cut only from ransomware sales, this model allows them to share only in attacks that succeed, while also sharing a portion with the attacker who deploys it,” says Kulmin.

“This shift moves away from the simple tool-sale model and creates a more distributed ecosystem. Ransomware developers profit from the success of the attacks, not from the sale of the tool.”

As of June 2025, the ransomware builder includes an option to target Linux systems, indicating that the threat actors are actively improving the functionality of their locker. Its Windows counterpart is delivered as a Windows executable inside a self-extracting (SFX) archive.

It also incorporates a variety of evasion techniques so that it can run unhindered: disabling Microsoft Defender Antivirus, removing the malicious artifacts deployed as part of the attack, and minimizing forensic trails.

“Pay2Key.I2P represents the dangerous convergence of Iran’s state-sponsored cyberwarfare and global cybercrime,” Morphisec said. “The RaaS operation, with its connections to Fox Kitten and Mimic, an 80% profit incentive for Iranian supporters and over $4 million in ransoms, threatens Western organizations with highly evasive ransomware.”

The findings come as US cybersecurity and intelligence agencies warned of Iranian retaliatory attacks following US airstrikes on three nuclear facilities across the country.

Operational technology (OT) security company Nozomi Networks said Iranian hacking groups such as MuddyWater, APT33, OilRig, CyberAv3ngers, Fox Kitten and Homeland Justice have been observed targeting US transportation and manufacturing organizations.

“Industrial and critical infrastructure organizations in the US and abroad are urged to remain vigilant and review their security posture,” the company said, adding that it had detected 28 cyberattacks involving Iranian threat actors between May and June 2025.
