- Security researchers spotted a new threat actor called TRIPLESTRENGTH
- The group is involved in ransomware, cloud compromise and cryptomining
- There are potentially hundreds of victims
A small and relatively unknown hacking group has begun to attract attention by engaging in somewhat unusual “triple threat” cyberattacks.
Google researchers recently discovered TRIPLESTRENGTH, possibly a small threat actor with only a handful of individuals, which has existed since 2020, although Google researchers have been tracking it since 2023.
What makes this group stand out is the fact that, in addition to ransomware, it is also hijacking victims' cloud accounts and using them to deploy cryptominers. The group began with ransomware in 2020, and added the cryptomining part two years later.
Brute force
For ransomware, Google explains, the group mostly targets on-premises systems. For cryptomining, it targets cloud infrastructure from Google Cloud, AWS, Microsoft Azure, Linode and more.
TRIPLESTRENGTH does not seem to be state-sponsored and instead seems to be motivated purely by profit, seeking to earn money from both ransom payments and unauthorized cloud computing.
Initial access is mainly gained through brute-force attacks on remote desktop servers, or through stolen credentials. Once the endpoints are compromised, TRIPLESTRENGTH deploys malware, including Phobos, LokiLocker, RCRU64 or Raccoon infostealer. For cryptomining, the group mainly uses unMiner. Interestingly, XMRig, by far the most popular cryptojacker in existence, was not mentioned.
Speaking with The Register, the researchers did not want to say how many victims TRIPLESTRENGTH has struck in the last four years, but they stressed that they “identified numerous TRX cryptocurrency addresses that we believe are associated with TRIPLESTRENGTH.”
“And in the last count, which is now outdated, there were more than 600 payments to these addresses,” they told the publication. “That at least gives you an idea of the volume of mining activity that they are probably carrying out.”
In other words, there are hundreds of compromised cloud instances out there, and therefore possibly also hundreds of ransomware victims.
Via The Register