# Intel's Habana Labs hacked by Pay2Key ransomware, data stolen **[bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/](https://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) December 13, 2020 01:19 PM 0 Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors. Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion. Today, the Pay2Key ransomware operation leaked data allegedly stolen from Habana Labs during a cyberattack. This data includes Windows domain account information, DNS zone information for the domain, and a file listing from its Gerrit development code review system. ----- **Pay2Key data leak page for Habana Labs** In addition to the content posted on their data leak site, the Pay2Key operators have leaked business documents and source code images. **Alleged source** **code stolen from Habana Labs** In a threat posted to Pay2Key's data leak site, the threat actors have stated that Habana Labs has "72hrs to stop leaking process..." It is not known what ransom demands are being made, if any, to stop the leaking of data. ----- It is believed that this attack is not meant to generate revenue for the threat actors but rather to cause havoc for Israeli interests. BleepingComputer has contacted Habana Labs with questions regarding the attack but has not heard back. ## Pay2Key responsible for recent Israeli cyberattacks [Pay2Key is a relatively new ransomware operation behind a series of attacks against Israeli](https://www.bleepingcomputer.com/news/security/new-pay2key-ransomware-encrypts-networks-within-one-hour/) [businesses in November 2020, as reported by Israeli cybersecurity firms Check Point and](https://research.checkpoint.com/2020/ransomware-alert-pay2key/) [Profero.](https://profero.io/) Profero believes Iranian threat actors are behind the ransomware operation after tracking the group's ransom payment wallets to Iranian bitcoin exchanges. [This week @_CPResearch_ released an analysis of ransomware targeting Israeli](https://twitter.com/_CPResearch_?ref_src=twsrc%5Etfw) SME dubbed "Pay2Key". Using intelligence sources and our latest CryptoCurrency monitoring capabilities, we have been able to track the exit strategy of the threat [actors leading to Iranian exchange. pic.twitter.com/64WzsonAjQ](https://t.co/64WzsonAjQ) — Profero (@ProferoSec) [November 11, 2020](https://twitter.com/ProferoSec/status/1326452601857200128?ref_src=twsrc%5Etfw) [Israeli media has reported that threat actors breached Israeli shipping and cargo software](https://www.jpost.com/israel-news/suspected-cyberattack-targets-israeli-shipping-software-service-651952) company Amital this week and used their access to compromise forty of the software company's clients in a supply chain attack. While performing incident response, Profero and Israeli cybersecurity firm Security Joes have linked IOCs from these attacks to those discovered in previous Pay2Key attacks. Our joint [@ProferoSec &](https://twitter.com/ProferoSec?ref_src=twsrc%5Etfw) [@SecurityJoes IR teams have been able to correlate](https://twitter.com/SecurityJoes?ref_src=twsrc%5Etfw) infrastructure of previous pay2key ransomware attacks to the current shipment and cargo infiltration. This is another major escalation in the current cyber-conflict [between Israel and Iran. pic.twitter.com/idIWAm8JTb](https://t.co/idIWAm8JTb) — Profero (@ProferoSec) [December 13, 2020](https://twitter.com/ProferoSec/status/1338107198719856641?ref_src=twsrc%5Etfw) Profero CEO Omri Moyal is [warning Israeli companies to harden their network's defenses](https://twitter.com/GelosSnake/status/1338104607868907526?s=20) as further cyberattacks from Iran are expected. ----- Another threat actor known as BlackShadow was responsible for a recent cyberattack against Israeli insurance company Shirbit whose data was stolen and leaked. While the Shirbit attack is similar to the Pay2Key's attacks, it is unknown if they are linked. ### Related Articles: [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [Quantum ransomware seen deployed in rapid network attacks](https://www.bleepingcomputer.com/news/security/quantum-ransomware-seen-deployed-in-rapid-network-attacks/) [Snap-on discloses data breach claimed by Conti ransomware gang](https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/) [Shutterfly discloses data breach after Conti ransomware attack](https://www.bleepingcomputer.com/news/security/shutterfly-discloses-data-breach-after-conti-ransomware-attack/) [Windows 11 KB5014019 breaks Trend Micro ransomware protection](https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/) [Data Exfiltration](https://www.bleepingcomputer.com/tag/data-exfiltration/) [Intel](https://www.bleepingcomputer.com/tag/intel/) [PAY2KEY](https://www.bleepingcomputer.com/tag/pay2key/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) ----- Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence s area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/microsoft/hands-on-with-windows-10s-built-in-pktmon-network-monitor/) [Next Article](https://www.bleepingcomputer.com/news/google/google-chromes-high-resource-ad-blocking-spotted-in-the-wild/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ### You may also like: -----