Intel's Habana Labs hacked by Pay2Key ransomware, data stolen

Intel-owned AI processor developer Habana Labs has suffered a cyberattack in which data was stolen and leaked by threat actors.

Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion.

Today, the Pay2Key ransomware operation leaked data allegedly stolen from Habana Labs during a cyberattack. This data includes Windows domain account information, DNS zone information for the domain, and a file listing from its Gerrit development code review system.

Pay2Key data leak page for Habana Labs

In addition to the content posted on their data leak site, the Pay2Key operators have leaked business documents and source code images.

Alleged source code stolen from Habana Labs

In a threat posted to Pay2Key's data leak site, the threat actors have stated that Habana Labs has "72hrs to stop leaking process..." It is not known what ransom demands are being made, if any, to stop the leaking of data.

It is believed that this attack is not meant to generate revenue for the threat actors but rather to cause havoc for Israeli interests.

BleepingComputer has contacted Habana Labs with questions regarding the attack but has not heard back.

Pay2Key responsible for recent Israeli cyberattacks
Pay2Key is a relatively new ransomware operation behind a series of attacks against Israeli businesses in November 2020, as reported by Israeli cybersecurity firms Check Point and Profero.

Profero believes Iranian threat actors are behind the ransomware operation after tracking the group's ransom payment wallets to Iranian bitcoin exchanges.


Israeli media has reported that threat actors breached Israeli shipping and cargo software company Amital this week and used their access to compromise forty of the software company's clients in a supply chain attack.

While performing incident response, Profero and Israeli cybersecurity firm Security Joes have linked IOCs from these attacks to those discovered in previous Pay2Key attacks.



Profero CEO Omri Moyal is warning Israeli companies to harden their networks' defenses as further cyberattacks from Iran are expected.



Another threat actor known as BlackShadow was responsible for a recent cyberattack against Israeli insurance company Shirbit, whose data was stolen and leaked. While the Shirbit attack is similar to the Pay2Key attacks, it is unknown if they are linked.