Now Fox Kitten APT Deploys Pay2Key Ransomware to Create Panic

What happened?

• Since October, the Iranian APT group has been using Pay2Key ransomware attacks as cover, while the actual aim was stealing valuable information from industry, insurance, and logistics firms.
• The group exploited several vulnerabilities in Fortinet, Pulse Secure, F5, and Global Protect VPN products. In addition, it abused publicly exposed RDP to gain access and deploy malware payloads.
• Pay2Key operators have the ability to spread the ransomware within an hour to the entire network. This ransomware was used to create panic instead of getting the ransom.
• Attackers also used a pivot device for outgoing communication proxy between the infected devices and the C2 servers. It helps them evade detection before encrypting all network systems.

Pay2Key makes room for itself

• A few days ago, the Pay2Key ransomware was used by some hackers to steal and leak data allegedly stolen from Habana Labs during a cyberattack.
• Personal details of leading cyber professionals were exposed in the latest Iranian-linked breach of IAI’s Elta Systems.
• Last month, a few Israeli companies and large corporations fell victim to the Pay2Key ransomware.
• Also, the Swascan cybersecurity research team disclosed the activities of the ransomware targeting European firms.

Conclusion