Summary: Google has identified a financially motivated threat actor named TRIPLESTRENGTH, which targets cloud environments for cryptojacking and on-premise ransomware attacks. The actor employs stolen credentials to hijack cloud resources for cryptocurrency mining and advertises access to compromised servers. Additionally, TRIPLESTRENGTH has been linked to ransomware operations using various malicious tools and has actively sought partnerships for further attacks.

Threat Actor: TRIPLESTRENGTH | TRIPLESTRENGTH
Victim: Various cloud platforms and organizations | cloud platforms and organizations

Keypoints :

• TRIPLESTRENGTH engages in cryptocurrency mining, ransomware, and extortion targeting cloud environments.
• Initial access is often gained through stolen credentials linked to Raccoon information stealer infections.
• The actor has advertised ransomware-as-a-service and sought partners for ransomware operations on Telegram.