02 May 19, 18:10
Quote: New details are emerging in the April attack on systems consulting behemoth Wipro, which saw its network hacked and used for mounting attacks on a dozen of its customers. In a fresh analysis of the indicators of compromise (IOCs), Flashpoint analysts said that the cyberattackers have actually been operating in the shadows for some time – and that the Wipro incident is only its latest effort.
Researchers also uncovered that the adversaries used a range of legitimate security applications during the campaign, and that the threat group appears to have been looking to carry out mass gift card fraud.
In the attack, the adversaries appeared to compromise the company’s email server via a successful phishing attempt, before pivoting to reach out to partner networks. The company represents a target-rich environment for this kind of supply-chain attack: It works with tens of thousands of companies, including Fortune 500 clients, on technology outsourcing projects around the globe (last year passing $8 billion in annual run rate).
“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” the company said in a media statement at the time. “Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”
SOURCE: https://threatpost.com/wipro-attackers-u...ar/144276/