Now Fox Kitten APT Deploys Pay2Key Ransomware to Create Panic

Fox Kitten, an Iranian-backed hacking group, has been linked to the Pay2Key ransomware operations that target organizations in Israel and Brazil.

What happened?


This particular ransomware operation is part of the ongoing cyber showdown between Israel and Iran, experts suggest. Its recent wave of attacks has caused significant damage to some of the victim companies.
Since October, the Iranian APT group has been using Pay2Key ransomware attacks as cover, while its actual aim has been to steal valuable information from industry, insurance, and logistics firms.
The group exploited several vulnerabilities in Fortinet, Pulse Secure, F5, and GlobalProtect VPN products. In addition, it abused publicly exposed RDP to gain access and deploy malware payloads.
Pay2Key operators are able to spread the ransomware across an entire network within an hour. The ransomware was used to create panic rather than to collect a ransom.
Attackers also used a pivot device as a proxy for outgoing communication between the infected devices and the C2 servers. This helps them evade detection before encrypting all network systems.

Pay2Key makes room for itself


Recently, this new ransomware has been used in various cyberattacks against Israeli and European companies.


A few days ago, hackers used the Pay2Key ransomware in a cyberattack and leaked data allegedly stolen from Habana Labs.
Personal details of leading cyber professionals were exposed in the latest Iranian-linked breach of IAI’s Elta Systems.
Last month, a few Is ..
