
Cloud-targeted attacks conducted by TRIPLESTRENGTH operation


The TRIPLESTRENGTH threat operation has sought to compromise numerous cloud platforms, including Microsoft Azure, Amazon Web Services, and Google Cloud, for cryptomining and on-premises ransomware intrusions, The Hacker News reports.

TRIPLESTRENGTH leveraged stolen credentials and cookies to infiltrate targeted cloud environments, which were later subjected to cryptomining through the unMiner application and the unMineable mining pool, an analysis from Google Cloud revealed. On-premises resources, meanwhile, were targeted by the group's ransomware attacks, which involved the LokiLocker, Phobos, and RCRU64 payloads, according to Google Cloud, which noted TRIPLESTRENGTH's efforts to peddle access to compromised systems and ransomware-as-a-service payloads to other threat actors. Google has implemented mandatory multi-factor authentication and more robust logging mechanisms to mitigate the threat posed by TRIPLESTRENGTH. On-premises and cloud access facilitated by stolen credentials "can be further exploited to compromise infrastructure through remote access services, manipulate MFA, and establish a trusted presence for subsequent social engineering attacks," said the report.
