Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
Released on 2024-04-10 @ 01:16:03 PM
This report describes an ongoing malicious campaign targeting system administrators through fraudulent online advertisements for popular utilities like PuTTY and FileZilla. Threat actors are using these ads to trick victims into downloading and running the Nitrogen malware, which is employed to gain initial access to private networks, leading to data theft and deployment of ransomware such as BlackCat/ALPHV. The tactics, techniques, and procedures (TTPs) used in this campaign, as well as indicators of compromise (IOCs), are provided to assist defenders in taking appropriate action.