As reported by Calcalist, a hacking group alleges that it has used Pay2key malware to gain access to Intel's Habana Labs in Israel. The purported attack follows a wave of recent ransomware attacks in Israel. As proof of the attack, the hackers have shared via Twitter what appears to be a snippet of Habana Labs code, although it's notable that the snippet of text could be easily faked, along with a domain account and domain zone information. We've reached out to Intel for further comment and will update as necessary.
According to Check Point Research, Pay2Key has emerged as a particularly potent variant of ransomware that can gain control and encrypt an entire network in an hour. The perpetrators generally ask for ransom that ranges from $110,000 to $140,000, paid in Bitcoin. It's unclear if the group behind the purported attack has demanded a ransom from Intel.
The hackers typically gain access to the target network through hacked RDP (remote desktop protocol) services, which are then used to plant the ransomware on the network's machines. The encryption scheme uses AES and RSA algorithms, hindering efforts to create decryption tools to free the infected systems.
Intel acquired the Israel-based Habana Labs in December 2019 for $2 billion, largely due to the strengths of the company's Goya and Gaudi AI accelerators. Intel left Habna as an independent business unit and pledged that it would remain in Israel. We've heard little from the company on Habana's progress until earlier this month when Amazon Web Services announced that it had made Gaudi-powered instances available to its customers.
The Pay2Key ransomware has reportedly been behind a recent spate of attacks against Israeli companies, but the full scope of the operation is unknown. We'll update as we learn more.