The Reveal Platform
Intel Name: Pay2key’s resurgence: iranian cyber warfare targets the west
Date of Scan: July 14, 2025
Impact: High
Summary: In the wake of heightened Israel-Iran-USA tensions, Iranian-backed ransomware group Pay2Key has re-emerged as Pay2Key.I2P. Now operating as a ransomware-as-a-service (RaaS) platform, it’s linked to the Fox Kitten APT group and shares capabilities with Mimic ransomware’s ELENOR-Corp variant. Offering affiliates an 80% profit share—especially those aligned with Iran’s adversaries—the campaign blends geopolitical motives with advanced cyber tactics. With over $4 million extorted in four months, Pay2Key.I2P reflects Iran’s evolving cyber warfare strategy.
