Iranian nation-state hackers linked to Pay2Key ransomware (Security News, December 2020)
The Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation, which has recently started targeting organizations in Israel and Brazil.
"We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT group that began a new wave of attacks in November-December 2020 that entailed dozens of Israeli companies," threat intelligence firm ClearSky says.
Since October 2020, Fox Kitten has been using Pay2Key ransomware attacks as cover for stealing sensitive information from industry, insurance, and logistics companies.
Indicators of compromise spotted during the Pay2Key ransomware attacks also link them to previous Iranian destructive attacks, according to Israeli cybersecurity firms Profero and Security Joes.
Profero also linked the Pay2Key attacks to Iranian threat actors in November after tracking the group's ransom payment wallets to Iranian bitcoin exchanges.
Related news
- Iranian hackers now exploit Windows flaw to elevate privileges
- Iranian hackers act as brokers selling critical infrastructure access
- North Korean govt hackers linked to Play ransomware attack
- North Korean hackers pave the way for Play ransomware
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations