{
	"id": "027343a4-523b-4dda-bb68-3d305a81b727",
	"created_at": "2026-04-06T00:21:29.696072Z",
	"updated_at": "2026-04-10T03:30:36.180946Z",
	"deleted_at": null,
	"sha1_hash": "1b0eebb16641b41c25255f7bbc5fd2f1f98353fd",
	"title": "Intel's Habana Labs hacked by Pay2Key ransomware, data stolen",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2155045,
	"plain_text": "Intel's Habana Labs hacked by Pay2Key ransomware, data stolen\r\nBy Lawrence Abrams\r\nPublished: 2020-12-13 · Archived: 2026-04-05 15:03:59 UTC\r\nIntel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat\r\nactors.\r\nHabana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel\r\npurchased the company in December 2019 for approximately $2 billion.\r\nToday, the Pay2Key ransomware operation leaked data allegedly stolen from Habana Labs during a cyberattack. This data\r\nincludes Windows domain account information, DNS zone information for the domain, and a file listing from its Gerrit\r\ndevelopment code review system.\r\nhttps://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nPay2Key data leak page for Habana Labs\r\nIn addition to the content posted on their data leak site, the Pay2Key operators have leaked business documents and source\r\ncode images.\r\nAlleged source code stolen from Habana Labs\r\nIn a threat posted to Pay2Key's data leak site, the threat actors have stated that Habana Labs has \"72hrs to stop leaking\r\nprocess...\" It is not known what ransom demands are being made, if any, to stop the leaking of data.\r\nIt is believed that this attack is not meant to generate revenue for the threat actors but rather to cause havoc for Israeli\r\ninterests.\r\nBleepingComputer has contacted Habana Labs with questions regarding the attack but has not heard back.\r\nPay2Key responsible for recent Israeli cyberattacks\r\nPay2Key is a relatively new ransomware operation behind a series of attacks against Israeli businesses in November 2020,\r\nas reported by Israeli cybersecurity firms Check Point and Profero.\r\nhttps://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/\r\nPage 3 of 5\n\nProfero believes Iranian threat actors are behind the ransomware operation after tracking the group's ransom payment\r\nwallets to Iranian bitcoin exchanges.\r\nIsraeli media has reported that threat actors breached Israeli shipping and cargo software company Amital this week and\r\nused their access to compromise forty of the software company's clients in a supply chain attack.\r\nWhile performing incident response, Profero and Israeli cybersecurity firm Security Joes have linked IOCs from these\r\nattacks to those discovered in previous Pay2Key attacks.\r\nProfero CEO Omri Moyal is warning Israeli companies to harden their network's defenses as further cyberattacks from Iran\r\nare expected.\r\nAnother threat actor known as BlackShadow was responsible for a recent cyberattack against Israeli insurance company\r\nShirbit whose data was stolen and leaked. While the Shirbit attack is similar to the Pay2Key's attacks, it is unknown if they\r\nare linked.\r\nhttps://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/\r\nhttps://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/"
	],
	"report_names": [
		"intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen"
	],
	"threat_actors": [
		{
			"id": "21e01940-3851-417f-9e90-1a4a2da07033",
			"created_at": "2022-10-25T16:07:23.299369Z",
			"updated_at": "2026-04-10T02:00:04.527895Z",
			"deleted_at": null,
			"main_name": "Agrius",
			"aliases": [
				"AMERICIUM",
				"Agonizing Serpens",
				"BlackShadow",
				"DEV-0227",
				"Pink Sandstorm",
				"SharpBoys",
				"Spectral Kitten"
			],
			"source_name": "ETDA:Agrius",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Agrius",
				"BFG Agonizer",
				"BFG Agonizer Wiper",
				"DEADWOOD",
				"DETBOSIT",
				"Detbosit",
				"IPsec Helper",
				"Moneybird",
				"MultiLayer Wiper",
				"PW",
				"PartialWasher",
				"PartialWasher Wiper",
				"SQLShred",
				"Sqlextractor"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d1dcfc37-1f9b-4acd-a023-25153f183c2e",
			"created_at": "2025-08-07T02:03:24.783147Z",
			"updated_at": "2026-04-10T02:00:03.664754Z",
			"deleted_at": null,
			"main_name": "COBALT SHADOW",
			"aliases": [
				"AMERICIUM ",
				"Agonizing Serpens ",
				"Agrius",
				"Agrius ",
				"BlackShadow",
				"DEV-0227 ",
				"Justice Blade ",
				"Malek Team",
				"Malek Team ",
				"MoneyBird ",
				"Pink Sandstorm ",
				"Sharp Boyz ",
				"Spectral Kitten "
			],
			"source_name": "Secureworks:COBALT SHADOW",
			"tools": [
				"Apostle",
				"DEADWOOD",
				"Fantasy wiper",
				"IPsec Helper",
				"MiniDump",
				"Moneybird ransomware",
				"Sandals",
				"SecretsDump"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "4023e661-f566-4b5b-a06f-9d370403f074",
			"created_at": "2024-02-02T02:00:04.064685Z",
			"updated_at": "2026-04-10T02:00:03.547155Z",
			"deleted_at": null,
			"main_name": "Pink Sandstorm",
			"aliases": [
				"AMERICIUM",
				"BlackShadow",
				"DEV-0022",
				"Agrius",
				"Agonizing Serpens",
				"UNC2428",
				"Black Shadow",
				"SPECTRAL KITTEN"
			],
			"source_name": "MISPGALAXY:Pink Sandstorm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7d982d5b-3428-483c-8804-c3ab774f1861",
			"created_at": "2024-11-01T02:00:52.70975Z",
			"updated_at": "2026-04-10T02:00:05.357255Z",
			"deleted_at": null,
			"main_name": "Agrius",
			"aliases": [
				"Agrius",
				"Pink Sandstorm",
				"AMERICIUM",
				"Agonizing Serpens",
				"BlackShadow"
			],
			"source_name": "MITRE:Agrius",
			"tools": [
				"NBTscan",
				"Mimikatz",
				"IPsec Helper",
				"Moneybird",
				"MultiLayer Wiper",
				"DEADWOOD",
				"BFG Agonizer",
				"ASPXSpy"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434889,
	"ts_updated_at": 1775791836,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1b0eebb16641b41c25255f7bbc5fd2f1f98353fd.pdf",
		"text": "https://archive.orkl.eu/1b0eebb16641b41c25255f7bbc5fd2f1f98353fd.txt",
		"img": "https://archive.orkl.eu/1b0eebb16641b41c25255f7bbc5fd2f1f98353fd.jpg"
	}
}