Cybercrime gang targets victims with "triple threat" attacks

A person at a laptop with a cybersecure lock symbol floating above it.
(Image credit: Shutterstock / laymanzoom)

  • Security researchers spotted a new threat actor called Triplestrength
  • The group engages in ransomware, cloud compromise, and cryptomining
  • There are potentially hundreds of victims

A small and relatively unknown hacking group has started drawing attention to itself by engaging in somewhat unusual "triple threat" cyberattacks.

Researchers from Google recently discovered Triplestrength, possibly a small threat actor with only a handful of individuals, which has been around since 2020, although Google’s researchers have been tracking it since 2023.

What makes this group stand out is the fact that besides ransomware, it is also hijacking victim cloud accounts and using them to deploy cryptominers. The group started with ransomware in 2020, and added the crypto-mining part two years later.

Brute force

For ransomware, Google further explains, the group mostly targets on-prem systems. For cryptomining, it targets cloud infrastructure from Google Cloud, AWS, Microsoft Azure, Linode, and more.

Triplestrength doesn’t seem to be state-sponsored and instead seems to be motivated by pure profit - looking to gain money from both ransom payments and unauthorized cloud computing.

Initial access is mostly done through brute-force attacks on remote desktop servers, or via stolen credentials. Once the target endpoints are compromised, Triplestrength deploys malware including Phobos, LokiLocker, RCRU64, or Raccoon infostealer. For cryptomining, the group mostly uses unMiner. Interestingly enough, there was no mention of XMRig, by far the most popular cryptojacker out there.

Speaking to The Register, the researchers did not want to say exactly how many victims Triplestrength struck in the past four years, but they did stress they, "identified numerous TRX cryptocurrency addresses that we believe are associated with Triplestrength."

"And at last count, which is now months outdated, there were over 600 payments to these addresses," they told the publication. "That at least gives you some idea of the volume of mining activity that they're likely conducting."

In other words, there are hundreds of compromised cloud instances out there, and thus possibly hundreds of ransomware victims, as well.

Via The Register

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
Latest in Security
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Code Skull
US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
Latest in News
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in new thrilling F1 trailer
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ and Jason Sudeikis will reprise his role as the titular soccer coach