Ransomware Group: NITROGEN

VICTIM NAME: Kirkor Architects and Planners

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NITROGEN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an incident involving Kirkor Architects and Planners, a company specialized in large-scale residential, mixed-use, and infrastructure projects in Canada. The attack was publicly disclosed on July 3, 2025, just moments after the initial discovery. The breach appears to involve data exfiltration by a threat group identified as “nitrogen,” which is known for its infostealer activities. The leaked data includes general information related to the company’s operations, but specific sensitive details or PII are not disclosed. The page includes a screenshot depicting some of the compromised material, emphasizing the severity of the breach without revealing explicit contents.

Contact details or direct victim information have been redacted to protect privacy. No evidence suggests any ongoing threat to individual employees or third-party associates at this time. The leak suggests that the attackers may have gained access to internal information connected to the company’s projects and business activities. The incident highlights the importance of cybersecurity measures within the architecture and construction industries, especially for firms handling sensitive client and project data. The leak also includes a claim URL linking to the dark web post, where further details and potential data samples may be accessed by authorized threat actors or investigators.