Nitrogen
Initial access broker using malvertising campaigns to deliver malware via fake software downloads. Delivers payloads including IcedID and Cobalt Strike to corporate networks.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High · ≥ 3 Moderate · < 3 Low
Attribution signals
10 mentions · 4 sources
"The attackers, known as the Nitrogen group, listed Foxconn on its breach site on Monday."
"ransomware group Nitrogen claimed credit for the attack on its leak site, according to threat intelligence firm Hackmanac"
"Researchers say that the group's ransomware program itself was built off of widely repurposed "Conti 2" code"
"The group, which typically targets victims in North America and Western Europe, also has connections to the notorious ALPHV/BlackCat ransomware group."
"also has connections to the notorious ALPHV/BlackCat ransomware group"
"after the Nitrogen ransomware group claimed to have stolen 8TB of data"
"Nitrogen, which emerged in 2023, is not the most high-profile or prolific ransomware actor, but it has been steadily active with some spikes, including at the end of 2024."
"Around the same period, the Nitrogen gang targeted Foxconn's North American operations"
Hedge terms observed