Numerous cloud platforms, including Microsoft Azure, Amazon Web Services, and Google Cloud, have been compromised for cryptomining and on-premises ransomware intrusions by the TRIPLESTRENGTH threat operation, The Hacker News reports.
TRIPLESTRENGTH leveraged stolen credentials and session cookies to infiltrate targeted cloud environments, which were then used for cryptomining through the unMiner application and the unMineable mining pool, according to Google Cloud.
On-premises resources, by contrast, were targeted by the group's ransomware attacks, which involved the LokiLocker, Phobos, and RCRU64 payloads, reported Google Cloud, which also noted TRIPLESTRENGTH's efforts to sell access to compromised systems and ransomware-as-a-service payloads to other threat actors. Google implemented mandatory multi-factor authentication and more robust logging mechanisms to mitigate the threat posed by TRIPLESTRENGTH.
On-premises and cloud access facilitated by stolen credentials "can be further exploited to compromise infrastructure through remote access services, manipulate MFA, and establish a trusted presence for subsequent social engineering attacks," said the report.