The threat actor tracked as TRIPLESTRENGTH has targeted multiple cloud platforms, including Microsoft Azure, Amazon Web Services, and Google Cloud, for cryptomining, while also carrying out ransomware intrusions against on-premises systems, The Hacker News reports.
According to an analysis from Google Cloud, TRIPLESTRENGTH used stolen credentials and session cookies to gain access to targeted cloud environments, then ran cryptomining workloads in them using the unMiner application and the unMineable mining pool. The group's ransomware activity, by contrast, has been directed at on-premises resources and has involved the LokiLocker, Phobos, and RCRU64 payloads; Google Cloud also noted that TRIPLESTRENGTH advertises access to compromised systems and ransomware-as-a-service payloads to other threat actors. Google said it has implemented mandatory multi-factor authentication and more robust logging to mitigate the threat posed by the group. On-premises and cloud access obtained with stolen credentials "can be further exploited to compromise infrastructure through remote access services, manipulate MFA, and establish a trusted presence for subsequent social engineering attacks," the report said.