
Iranian nation-state hackers linked to Pay2Key ransomware
2020-12-17 12:01

The Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation, which recently started targeting organizations in Israel and Brazil.

"We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT group that began a new wave of attacks in November-December 2020 that entailed dozens of Israeli companies," threat intelligence firm ClearSky says.

Since October 2020, Fox Kitten has been using Pay2Key ransomware attacks as cover for stealing sensitive information from industry, insurance, and logistics companies.

Indicators of compromise spotted during the Pay2Key ransomware attacks also link them to previous Iranian destructive attacks, according to Israeli cybersecurity firms Profero and Security Joes.

Profero also linked the Pay2Key attacks to Iranian threat actors in November after tracking the group's ransom payment wallets to Iranian bitcoin exchanges.


News URL

https://www.bleepingcomputer.com/news/security/iranian-nation-state-hackers-linked-to-pay2key-ransomware/