A recent initial access malware campaign called Nitrogen uses Google and Bing search ads to promote bogus software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads. Sophos has just published a report on the Nitrogen campaign. It describes how the campaign predominantly targets technology and nonprofit organisations in North America while impersonating well-known software including AnyDesk, Cisco AnyConnect VPN, TreeSize Free, and WinSCP.
The Nitrogen malware’s main objective is to give threat actors initial access to business networks so they can engage in data theft, cyberespionage, and ultimately the deployment of the BlackCat/ALPHV ransomware. eSentire was the first to report on the Nitrogen campaign, late in June, and at the beginning of July Trend Micro examined the post-compromise activity that followed WinSCP ads and led to BlackCat/ALPHV ransomware infections.