Intel’s AI chip designer falls victim to a cyber attack

The Pay2Key encryption group, which is affiliated with Iran, has attacked a company which develops processors for Intel for use in the artificial intelligence sector. The attackers started leaking the stolen data immediately.

Seventy-two hours for redemption
Habana Laboratories, which develops Intel-suited processors for artificial intelligence technologies, has been exposed to a cyber assault. Cybercriminals belonging to a certain Pay2Key ransomware group hacked private data and started spreading it in the public domain, insisting that Habana pay a ransom to stop the leak within 72 hours.

The compromised data contains information about the Windows domain and DNS, as well as a list of Gerrit code audit system archives. Ok, company records and code bits, probably belonging to Habana and thus, Intel, are the most critical components of the spill.

Pay2Key, purportedly of Iranian origin, is a ransomware company. Israeli CheckPoint and Profero information security companies have been researching it closely.


CheckPoint experts confirmed in November 2020 that many businesses in Brazil were victims of Pay2Key. In order to access the local networks of the target businesses, the cybercriminals used the RDP protocol and spread the ransomware within one hour over all the infrastructure available within it. In bitcoins, the total ransom payment was $110-140 thousand, while the attackers also asked only half as many.

For their part, the experts at Profero were able to connect Pay2Key with a high degree of trust with the Iranian crypto exchange Excoino.

It is not about wealth, but about money.

Experts think that the motive of attackers is not inherently linked to benefit, as shown by the Bleeping Machine publication. The key challenge is likely to be to hurt Israeli companies, and not just the major ones.

Omri Segev Moyal, head of Profero, advised that the Israeli IT organization make every attempt to improve cyber security, as it is clear that Pay2Key and other cyber groups in Iran will not stop there.

Pay2Key has previously targeted Israeli trucking tech developer Amital and with it, some of its customers, according to Profero.

“When it comes to corporate attacks, what the motivation is, particularly when it comes to real damage, is not so important,” said Anastasia Melnikova, an information security specialist at SEC Consult Services. – In this situation, in the interests of an unfriendly society, the attackers might easily execute three tasks at once to cash in, hurt and rob knowledge about advanced technologies. In this respect, the “honest” recovery of the stolen data after the ransom payment, if any, is the least possible.

At the international stage, research and development in the area of artificial intelligence technology is such an intensely competitive market that often all the means are fine. “