Google unveiled a financially driven threat actor, TRIPLESTRENGTH, targeting cloud environments for cryptojacking and on-premise ransomware operations.
“This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity,” Google Cloud noted in its 11th Threat Horizons Report.
TRIPLESTRENGTH employs a three-pronged attack strategy: unauthorized cryptocurrency mining, ransomware deployment, and offering cloud platform access—spanning services like Google Cloud, AWS, Azure, Linode, OVHCloud, and Digital Ocean—to other attackers. The group’s primary entry methods involve stolen credentials and cookies, often sourced from Raccoon Stealer logs. Compromised environments are used to create compute resources for mining cryptocurrency using tools like the unMiner application and the unMineable mining pool, optimized for both CPU and GPU algorithms.
Interestingly, TRIPLESTRENGTH has concentrated its ransomware efforts on on-premises systems, deploying lockers such as Phobos, RCRU64, and LokiLocker.
“In Telegram channels focused on hacking, actors linked to TRIPLESTRENGTH have posted advertisem
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: