TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware


Google's Threat Horizons Report highlights a financially motivated threat actor, TRIPLESTRENGTH, that targets cloud environments for cryptojacking and on-premises systems for ransomware attacks. The group uses stolen credentials and cookies, often sourced from Raccoon stealer logs, to access cloud platforms like Google Cloud, AWS, and Azure, where it creates compute resources for cryptocurrency mining with the unMiner and unMineable tools. TRIPLESTRENGTH also conducts ransomware attacks on on-premises systems using Phobos, RCRU64, and LokiLocker, and advertises ransomware-as-a-service and access to compromised servers on Telegram. Google has countered these activities by enforcing MFA and enhancing logging to detect billing-related anomalies.
