North American technology and non-profit organizations have been targeted by the novel Nitrogen initial access malware campaign, which leverages web search ads of fake software websites to facilitate the delivery of ALPHV/BlackCat ransomware, BleepingComputer reports.
Threat actors behind the campaign have been using Google or Bing search results for widely used software, including AnyDesk, Cisco AnyConnect, WinSCP, and TreeSize Free, to lure potential victims into visiting fraudulent sites that feature trojanized ISO installers. Those installers sideload a malicious DLL that later installs the Nitrogen malware, according to a Sophos report. Further analysis of the NitrogenInstaller revealed a "Python" registry key used for persistence and the execution of "NitrogenStager," which establishes command-and-control communications and deploys Cobalt Strike beacons and a Meterpreter shell.
While Sophos researchers have not determined the goal of the attackers behind the campaign, Trend Micro researchers previously noted the use of a similar attack chain to facilitate ALPHV/BlackCat ransomware delivery.
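The following is an added detection example, not code from the report or the article: it runs two checks over constructed Sysmon-style events for the chain described above, an unsigned DLL sideloaded from the installer's own directory and a persistence value named "Python". The field names, the trusted-path allow-list and the assumption that the "Python" value sits under a Run key are all assumptions for this example.

```python
import json
import ntpath

# Constructed Sysmon-style events (JSON, one per line). Sample data for this
# example only, not real telemetry from the Nitrogen campaign.
SAMPLE_EVENTS = r"""
{"event":"ImageLoad","pid":4212,"image":"E:\\install.exe","loaded":"E:\\msi.dll","signed":false}
{"event":"RegistryValueSet","pid":4212,"key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","value":"Python"}
{"event":"ImageLoad","pid":5001,"image":"C:\\Program Files\\WinSCP\\WinSCP.exe","loaded":"C:\\Windows\\System32\\msi.dll","signed":true}
{"event":"RegistryValueSet","pid":5001,"key":"HKCU\\Software\\Example\\Settings","value":"Python"}
""".strip()

# Assumed allow-list: DLLs loaded from under these roots are not treated as sideloads.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")


def parse_events(text):
    """Parse one JSON event per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_sideload(ev):
    """Unsigned DLL loaded from the executable's own directory outside trusted roots,
    which is how a DLL dropped beside a trojanized installer gets picked up."""
    if ev.get("event") != "ImageLoad" or ev.get("signed"):
        return False
    img_dir = ntpath.dirname(ev["image"]).lower()
    dll_dir = ntpath.dirname(ev["loaded"]).lower()
    return img_dir == dll_dir and not img_dir.startswith(TRUSTED_ROOTS)


def is_python_run_key(ev):
    """A Run-key value named "Python" (assumed location of the persistence key)."""
    return (ev.get("event") == "RegistryValueSet"
            and ev.get("value") == "Python"
            and ev.get("key", "").lower().endswith(r"\currentversion\run"))


def detect(events):
    """Return {pid: [rule names]} for processes that tripped at least one rule.
    A single process tripping both rules matches the installer-then-persistence chain."""
    hits = {}
    for ev in events:
        if is_sideload(ev):
            hits.setdefault(ev["pid"], set()).add("dll_sideload")
        if is_python_run_key(ev):
            hits.setdefault(ev["pid"], set()).add("python_run_key")
    return {pid: sorted(rules) for pid, rules in hits.items()}


if __name__ == "__main__":
    print(detect(parse_events(SAMPLE_EVENTS)))
```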
Such a disclosure, which is part of Microchip's financial report for the second quarter of fiscal year 2025, comes two months after the firm confirmed the exfiltration of employee contact details, password hashes, and other data from its systems as a result of the intrusion.
The malware compromise, which was only identified in late September, has impacted login information, names, phone numbers, emails, shipping and billing addresses, and payment card details with CVV codes and expiration dates belonging to individuals who had visited the SelectBlinds website's check-out page.
"Investigations into the incident are continuing, however, the Company is confident that no customer systems data has been compromised," said Microlise in an incident update, which has noted "substantial progress" in thwarting the network threat.