Triplestrength, a newly identified cybercrime gang, poses a multifaceted threat to businesses by deploying ransomware, hijacking cloud accounts for cryptocurrency mining, and advertising access to compromised servers.
A recently identified criminal gang, dubbed Triplestrength, poses a significant three-pronged threat to organizations. This financially motivated group infects victims' computers with ransomware, hijacks their cloud accounts for illicit cryptocurrency mining, and advertises access to compromised servers on hacker forums. Google's Threat Intelligence Group has been tracking Triplestrength since 2023, revealing a relatively small operation, likely consisting of a few individuals.
Despite their limited size, they are highly active in cybercrime forums. Google's incident responders have observed online personas linked to Triplestrength promoting access to compromised servers across various cloud providers, including Google Cloud, Amazon Web Services, Microsoft Azure, Linode, OVHCloud, and DigitalOcean. They also actively recruit other criminals to assist in their extortion efforts.

Triplestrength's ransomware operations appear to have been ongoing since at least 2020, based on activity observed in underground forums. Their ransomware attacks target on-premises systems exclusively, not cloud infrastructure, and they do not employ the common double-extortion tactic. Instead, they encrypt files and demand payment to unlock them. Unlike more prevalent ransomware-as-a-service (RaaS) operations like RansomHub and LockBit, Triplestrength utilizes older malware strains from RaaS platforms that lack additional services for affiliates, such as dark-web leak sites or ransom negotiation support.

They primarily rely on automated attack techniques, such as brute-force password attacks, to gain initial access. In a May 2024 intrusion, for example, Triplestrength used a brute-force password-guessing attack against a remote desktop server to gain initial access. Subsequently, they navigated the victim's network, disabled antivirus tools, and deployed the RCRU64 ransomware on multiple Windows hosts. The tools used in this attack were utilities and malware commonly observed in ransomware campaigns, including Mimikatz and NetScan.

Triplestrength's involvement in illicit cryptocurrency mining emerged around 2022, as the group advertised on Telegram for assistance in spreading RCRU64 and recruited blackmailers. Google analysts linked these activities to compromised cloud servers, providing evidence that Triplestrength transitioned from on-premises mining to exploiting cloud infrastructure.
In their early stages, they ran mining software on compromised on-premises computers, leveraging victim resources for cryptocurrency generation. Subsequently, they shifted their focus to accessing victims' cloud servers for mining, while simultaneously deploying on-premises ransomware. While the incident responders detected miners in Google Cloud customer environments, Triplestrength likely targeted multiple cloud providers by 2023.
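
For defenders, the initial-access pattern in the May 2024 intrusion (repeated failed remote desktop logons followed by a success from the same source) can be flagged from Windows Security events 4625 and 4624. The following is an added example, not code from the article or from Google: the comma-separated record layout, the threshold and window values, and all sample records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp,event_id,logon_type,source_ip,account
EVENTS = [
    "2024-05-14T02:10:01,4625,3,203.0.113.7,administrator",
    "2024-05-14T02:10:03,4625,3,203.0.113.7,admin",
    "2024-05-14T02:10:05,4625,3,203.0.113.7,backup",
    "2024-05-14T02:10:08,4625,3,203.0.113.7,administrator",
    "2024-05-14T02:10:11,4625,3,203.0.113.7,svc_sql",
    "2024-05-14T02:10:15,4625,3,203.0.113.7,administrator",
    "2024-05-14T02:10:19,4624,10,203.0.113.7,administrator",
    "2024-05-14T08:30:00,4625,10,198.51.100.20,jsmith",
    "2024-05-14T08:30:20,4625,10,198.51.100.20,jsmith",
    "2024-05-14T08:30:41,4624,10,198.51.100.20,jsmith",
    "2024-05-14T09:00:00,4624,2,10.0.0.5,jsmith",
]

# Logon type 10 is RemoteInteractive (RDP); with Network Level Authentication,
# RDP attempts are also recorded as type 3 (Network).
RDP_LOGON_TYPES = {3, 10}

def parse(line):
    ts, event_id, logon_type, src, user = line.split(",")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), src, user

def find_bruteforce_success(lines, threshold=5, window=timedelta(minutes=10)):
    """Return (source_ip, account, recent_failures) for every successful logon
    preceded by at least `threshold` failures from that source within `window`."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, src, user in sorted(map(parse, lines)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        recent = failures[src]
        while recent and ts - recent[0] > window:  # expire old failures
            recent.popleft()
        if event_id == 4625:                       # failed logon
            recent.append(ts)
        elif event_id == 4624 and len(recent) >= threshold:
            alerts.append((src, user, len(recent)))  # guess likely succeeded
            recent.clear()
    return alerts

if __name__ == "__main__":
    for src, user, count in find_bruteforce_success(EVENTS):
        print(f"{src}: {count} failures then successful logon as {user}")
```

The two mistyped passwords from 198.51.100.20 stay below the default threshold, so only the high-volume source is reported.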