Iran Focuses Cybercriminals on Foreign Enemies

Aggressive nation-states are increasingly leveraging cyberattacks as tools to advance their foreign policy objectives. In this case, the Iran-sponsored Pay2Key Ransomware-as-a-Service (RaaS) operation is offering an increased profit share (80%) to affiliates who specifically target enemies of Iran – such as the United States and Israel. This incentive is a deliberate strategy by the Iranian government to undermine the economy and critical infrastructure of its adversaries.

According to Morphisec, which reported the issue, this group collected over $4 million in extortion payments in four months.

Check out their full report here: https://www.morphisec.com/blog/pay2key-resurgence-iranian-cyber-warfare/

This maneuvering aligns with my 2025 Cybersecurity Predictions, and we should expect the big 4 aggressive cyber nations (Russia, China, Iran, and North Korea) to increase their organized efforts to employ cyberattack capabilities to further their foreign policy agendas and circumvent economic sanctions. As these nations grow their expertise, build advanced tools, and establish affiliate networks, the intensity of cybersecurity risks will dramatically increase for everyone.

As security professionals, we must keep pace by understanding attackers’ evolving capabilities, targeting methodologies, and rapidly adapting tools to effectively manage the growing risks. Nation-states are the 800-pound gorillas of the cyber world, and their massive investments have the power to reshape the entire cybersecurity industry. Staying informed and adaptive is essential as nation-state threats continue to evolve.