Nation-state | Mar 31, 2026
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
Iranian APTs deploy pseudo-ransomware targeting US orgs via revived Pay2Key operations.
Summary
Iranian state-sponsored actors have resumed Pay2Key operations, deploying what researchers term 'pseudo-ransomware'—malware designed to extort victims while blurring attribution between state and criminal activity. The campaign targets high-impact US organizations, demonstrating Iran's continued evolution of hybrid attack tactics that combine espionage, extortion, and geopolitical leverage.
Indicators of Compromise
- malware — Pay2Key