The Iranian ransomware-as-a-service (RaaS) operation Pay2Key.I2P has reemerged after a nearly five-year hiatus and is recruiting affiliates to infect organizations in the US and Israel. The group is linked to Pioneer Kitten (also tracked as Fox Kitten), an Iranian government-backed crew with a history of targeting Israeli companies, including Intel's subsidiary Habana Labs: in late 2020, Pay2Key claimed to have stolen 53GB of data from Habana Labs and threatened to leak it. The updated ransomware incorporates capabilities from the Mimic ransomware family, combining data theft with encryption so that an infection threatens both the confidentiality and the availability of a victim's data.
Source: https://www.theregister.com/2025/07/09/iranian_ransomware_crew_reemerges/
TPRM report: https://scoringcyber.rankiteo.com/company/intel-corporation
"id": "int608070925",
"linkid": "intel-corporation",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
'location': 'Israel',
'name': 'Habana Labs',
'type': 'Company'}],
'attack_vector': 'Malware',
'data_breach': {'data_exfiltration': '53GB of data from Habana Labs',
'type_of_data_compromised': 'Corporate Data'},
'date_detected': '2025-01-01',
'date_publicly_disclosed': '2025-06-23',
'description': 'An Iranian ransomware-as-a-service operation with ties to a '
'government-backed cyber crew has reemerged after a nearly '
'five-year hiatus, and is offering would-be cybercriminals '
'cash to infect organizations in the US and Israel.',
'impact': {'data_compromised': '53GB of data from Habana Labs',
'financial_loss': 'More than $4 million'},
'initial_access_broker': {'entry_point': 'Russian and Chinese darknet forums, '
'X',
'high_value_targets': 'US and Israel'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident highlights the convergence of '
'state-sponsored cyber warfare and global cybercrime.',
'motivation': 'Financial, Geopolitical',
'post_incident_analysis': {'root_causes': 'State-sponsored cyber warfare and '
'financial incentives'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_paid': 'More than $4 million',
'ransomware_strain': 'Pay2Key.I2P'},
'recommendations': 'American businesses should guard their networks against '
"Iranian government-sponsored cyberattacks and 'low-level' "
'digital intrusions by pro-Iran hacktivists.',
'references': [{'date_accessed': '2025-06-23', 'source': 'Morphisec'},
{'source': 'US Homeland Security'}],
'response': {'third_party_assistance': 'Morphisec'},
'threat_actor': 'Pay2Key.I2P',
'title': 'Iranian Ransomware-as-a-Service Operation Reemerges',
'type': 'Ransomware-as-a-Service'}