Iranian advanced persistent threat (APT) groups have been observed using a new tactic: deploying pseudo-ransomware against high-impact organizations in the US. This approach blurs the line between state-sponsored and cybercriminal activity, making the two increasingly difficult to tell apart. The pseudo-ransomware is framed as extortion, but its primary purpose is to disrupt operations and gather intelligence. The revival of Pay2Key operations is a notable aspect of this campaign, with Iranian APTs adapting their strategies to evade detection and maximize impact. Pseudo-ransomware lets these groups maintain plausible deniability while still achieving their objectives [1]. This development underlines the importance of operational resilience planning, particularly in sectors that Iranian APTs frequently target, so practitioners should prioritize robust security measures to mitigate the risk of such attacks.
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
⚡ High Priority
Why This Matters
Iranian pseudo-ransomware operations highlight sector-specific risk — operational resilience planning is the real takeaway.
References
- Dark Reading. (2026, March 31). Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations. *Dark Reading*. https://www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations