
Iranian APT Groups Use Pseudo-Ransomware Tactics to Target US Organizations
Cybersecurity, Iran, APT, Ransomware, Pay2Key, State-Sponsored, Cyberattack, Disruption, Political Motivation, Cybercriminal
Iranian advanced persistent threat (APT) groups are deploying "pseudo-ransomware" tactics, reviving operations linked to the Pay2Key ransomware strain to target high-impact organizations in the United States. The attacks blend state-sponsored objectives with cybercriminal techniques, focusing on disruption rather than financial gain. Pay2Key, previously attributed to Iranian actors, encrypts victim systems while masquerading as traditional ransomware, though decryption keys are rarely provided. No specific CVE IDs, victim counts, or exact attack timelines were disclosed in the report. The campaign underscores a shift in Iranian cyber operations toward destructive or politically motivated cyberattacks under the guise of criminal activity.