Fox Kitten, an Iranian-backed hacking group, has been linked with the Pay2Key ransomware operations that eye on organizations in Israel and Brazil.
This particular ransomware operation is part of the ongoing cyber showdown between Israel and Iran, suggests experts. Its recent wave of attacks has caused significant damage to some of the victim companies.
- Since October, the Iranian APT group has been using Pay2Key ransomware attacks as cover, while the actual aim was stealing valuable information from industry, insurance, and logistics firms.
- The group exploited several vulnerabilities in Fortinet, Pulse Secure, F5, and Global Protect VPN products. In addition, it abused publicly exposed RDP to gain access and deploy malware payloads.
- Pay2Key operators have the ability to spread the ransomware within an hour to the entire network. This ransomware was used to create panic instead of getting the ransom.
- Attackers also used a pivot device for outgoing communication proxy between the infected devices and the C2 servers. It helps them evade detection before encrypting all network systems.
Pay2Key makes room for itself
As of late, this new ransomware has been used in various cyberattacks against Israeli and European companies.
- A few days ago, the Pay2Key ransomware was used by some hackers to steal and leak data allegedly stolen from Habana Labs during a cyberattack.
- Personal details of leading cyber professionals were exposed in the latest Iranian-linked breach of IAI’s Elta Systems.
- Last month, a few Israeli companies and large corporations fell victim to the Pay2Key ransomware.
- Also, the Swascan cybersecurity research team disclosed the activities of the ransomware targeting European firms.
Several new ransomware operators are now using innovative tactics to take a big leap into the cybercrime space. Thus, experts suggest taking a backup of important data, using strong passwords, enabling two-factor authentication for RDP servers, and using a reliable anti-malware solution to stay protected.