Iranian advanced persistent threat (APT) groups have revived Pay2Key ransomware operations, deploying what security researchers term "pseudo-ransomware" against high-impact US organizations. The campaigns represent a strategic shift in Iranian cyber operations, deliberately blurring the traditional boundaries between state-sponsored espionage and cybercriminal activities.
The renewed Pay2Key operations specifically target high-impact US organizations, though the exact scope and number of affected systems has not been disclosed. The timing and selection of targets suggests these attacks are strategically motivated rather than purely financially driven, despite their ransomware appearance.