A company that develops processors for Intel for use in artificial intelligence was attacked by the Pay2Key ransomware group, which is associated with Iran. The attackers immediately began to leak the stolen data.
Habana Labs, which produces processors adapted for artificial intelligence technologies for Intel, was subjected to a cyber attack. Attackers from the extortion group Pay2Key stole confidential data and began publishing it, while demanding that Habana pay a ransom within 72 hours to stop the leak.
The stolen data includes information about the company's Windows domain and its DNS records, as well as a list of files from the Gerrit code review system. The most significant part of the leak is business documents and fragments of program code, presumably belonging to Habana and, therefore, Intel.
Pay2Key is a ransomware organization, presumably of Iranian origin. It has been closely studied by the Israeli information security firms Check Point and Profero.
In November 2020, Check Point experts reported that several companies in Brazil were victims of Pay2Key. The attackers used the RDP protocol to penetrate the victim companies' local networks and deployed the ransomware to every resource reachable inside them within one hour. The average ransom amount was $110-140 thousand in bitcoins, although sometimes the attackers demanded about half as much.
For their part, Profero experts were able to associate Pay2Key with the Iranian crypto exchange Excoino with a high degree of confidence.
According to the publication Bleeping Computer, experts believe that the attackers' motivation is not necessarily related to profit. It is likely that the main goal is to harm Israeli businesses, and not only large ones.
The head of Profero, Omri Segev Moyal, recommended that Israeli IT businesses put every effort into strengthening their cyber defenses, since Pay2Key and other Iranian cyber groups are clearly not going to stop there.
According to Profero, Pay2Key previously attacked Amital, an Israeli developer of software for cargo transportation, and, through it, several of its clients.
"When it comes to attacks on business, it is not so important what exactly the motivation is associated with, especially when it comes to real damage," said Anastasia Melnikova, information security expert at SEC Consult Services. "In this case, the attackers could easily perform three tasks at once: to make money, cause harm and steal information about advanced developments in the interests of an unfriendly state. In this regard, the least likely is the 'honest' return of the stolen data after the payment of the ransom, if any. Research and development in the field of artificial intelligence technologies is such a highly competitive environment, and at the international level, that sometimes all means are good."