Ransomware, Critical Infrastructure Security

More lucrative payouts pledged by Iranian ransomware gang for US, Israel intrusions

Affiliates of the Iranian ransomware-as-a-service operation Pay2Key.I2P, which is suspected to have descended from the state-backed, Fox Kitten-linked Pay2Key group, began receiving 80% of ransom proceeds from the group for intrusions against the U.S. and Israel last month, up from the 70% cut they had been given previously, amid escalating tensions in the Middle East, according to The Record, a news site by cybersecurity firm Recorded Future.

Pay2Key.I2P has amassed over $4 million in ransom payments from more than 50 successful attacks during the last four months, an analysis from Morphisec revealed. While the number of U.S. or Israeli entities compromised remains uncertain, researchers suspect Pay2Key.I2P of working with Mimic ransomware operators, who have been leveraging Conti ransomware source code that was exposed following Conti's support of Russia's war against Ukraine. The mounting Pay2Key.I2P attacks come after U.S. critical infrastructure entities were warned of retaliatory attacks following the military strike against Iran's nuclear facilities.

