North American technology and non-profit organizations have been targeted by the novel Nitrogen initial access malware campaign, which leverages web search ads for fake software websites to facilitate the delivery of ALPHV/BlackCat ransomware, BleepingComputer reports.
Threat actors behind the campaign have been using Google and Bing search results for widely used software, including AnyDesk, Cisco AnyConnect, WinSCP, and TreeSize Free, to lure potential victims into visiting fraudulent sites that host trojanized ISO installers. These installers sideload a malicious DLL file that later installs the Nitrogen malware, according to a Sophos report. Further analysis of the NitrogenInstaller revealed the presence of a "Python" registry key used for persistence and the execution of "NitrogenStager," which establishes command-and-control server communications and deploys Cobalt Strike beacons and a Meterpreter shell.
While Sophos researchers have not determined the goal of the attackers behind the campaign, Trend Micro researchers previously noted the use of a similar attack chain to facilitate ALPHV/BlackCat ransomware delivery.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Staples cyberattack disrupts online orders

BleepingComputer reports that outages at the American office supply retail chain Staples that disrupted online orders were confirmed to have been caused by a cyberattack.