Cyberveille curated by Decio
5 results tagged morphisec
Pay2Key’s Resurgence: Iranian Cyber Warfare Targets the West https://www.morphisec.com/blog/pay2key-resurgence-iranian-cyber-warfare/
09/07/2025 09:33:51

morphisec - In the volatile aftermath of the Israel-Iran-USA conflict, a sophisticated cyber threat has re-emerged, targeting organizations across the West. Morphisec’s threat research team has uncovered the revival of Pay2Key, an Iranian-backed ransomware-as-a-service (RaaS) operation, now operating as Pay2Key.I2P. Linked to the notorious Fox Kitten APT group and closely tied to the well-known Mimic ransomware, previously analyzed by Morphisec for its ELENOR-Corp variant, Pay2Key.I2P appears to partner with or incorporate Mimic’s capabilities. Officially, the group offers an 80% profit share (up from 70%) to affiliates supporting Iran or participating in attacks against the enemies of Iran, signaling their ideological commitment. With over $4 million in ransom payments collected in just four months and individual operators boasting $100,000 in profits, this campaign merges technical prowess with geopolitical motives. Our upcoming report includes personal communications from the group, revealing their dedication and the reasons behind rewriting their ransomware.

This blog introduces our technical analysis and OSINT findings, exposing Pay2Key.I2P’s operations and its ties to Mimic.

Since its debut in February 2025, Pay2Key.I2P has expanded rapidly. Strategic marketing on Russian and Chinese darknet forums, combined with a presence on X since January 2025, indicates a planned rollout. With over 51 successful ransom payouts in four months, the group’s effectiveness is undeniable.

While profit is a motivator, Pay2Key.I2P’s ideological agenda is clear. Their focus on Western targets, coupled with rhetoric tied to Iran’s geopolitical stance, positions this campaign as a tool of cyber warfare. The addition of a Linux-targeted ransomware build in June 2025 further expands their attack surface, threatening diverse systems.

morphisec EN 2025 Pay2Key Cyber-Warfare Iran
CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability
10/07/2024 08:42:17

Morphisec researchers have discovered an important Microsoft Outlook vulnerability. Read on for CVE-2024-38021 details and technical impact.

morphisec EN 2024 CVE-2024-38021 Microsoft Outlook vulnerability July2024-PatchTuesday
You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
12/06/2024 16:56:33

Morphisec researchers have identified a critical Microsoft Outlook vulnerability, CVE-2024-30103, and detail its technical impact and recommended actions.

morphisec EN 2024 CVE-2024-30103 Microsoft Outlook analysis
Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
09/06/2024 14:46:00

In this analysis, Morphisec Threat Labs details the latest Sticky Werewolf cyber threat group campaign targeting the aviation industry.

morphisec EN 2024 Russia Aviation StickyWerewolf Belarus
in2al5d p3in4er is Almost Completely Undetectable https://blog.morphisec.com/in2al5d-p3in4er
19/04/2023 10:52:34

in2al5d p3in4er is a highly evasive new loader that has a detection ratio of 0 on VirusTotal. We explain how it works, and how to prevent it.

morphisec EN 2023 analysis malware-analysis in2al5d p3in4er Undetectable