An Iranian ransomware operation named Pay2Key.I2P has reemerged after nearly five years, targeting organizations in the US and Israel with updated malware capabilities. This group has ties to Tehran-backed threat actors and utilizes the anonymous I2P network to host their ransomware website, increasing cyber threat levels in the region. #PioneerKitten #MimicRansomware
Key points
- Pay2Key.I2P is a reemerged Iranian ransomware-as-a-service operation targeting US and Israeli organizations.
- The malware has been updated to include Linux targeting and enhanced capabilities from Mimic ransomware.
- The group offers affiliates higher profit shares, up to 80%, for attacks against Iran's enemies.
- Pay2Key.I2P uses I2P network hosting for its cybercriminal infrastructure, enhancing anonymity.
- Researchers link the group to Tehran-backed threat actors and warn of increased regional cyber threats.
Read More: https://www.theregister.com/2025/07/09/iranian_ransomware_crew_reemerges/