Cybercrime gang targets victims with “triple threat” attacks

Posted by:
David Wilson
Sat, 01 Mar

Security researchers have identified a new hacking group, Triplestrength, that engages in a unique combination of cyberattacks: ransomware, cloud compromise, and cryptomining. The group, possibly consisting of only a few members, has been active since 2020 and has been closely monitored by Google researchers since 2023.

Notably, Triplestrength targets on-prem systems for its ransomware attacks, while it targets cloud infrastructure, such as Google Cloud, AWS, and Microsoft Azure, for its cryptomining activities. The group gains initial access through brute-force attacks or stolen credentials and deploys various malware, including Phobos, LokiLocker, and the Raccoon infostealer.

Triplestrength is not state-sponsored and appears to be profit-driven, seeking financial gain through ransom payments and unauthorized cloud computing. Research indicates that there have been over 600 payments to cryptocurrency addresses associated with Triplestrength, suggesting a large scale of mining activity and potentially hundreds of victims impacted by the group.
