CIP Cyber

Wipro Attackers Targeted Other Major IT Organizations

Wipro IT services

Wipro IT services are famous all over India. The criminals responsible for launching the phishing campaign that snared hundreds of employees and more than 100 of the organization’s systems last month at Wipro, India’s third-largest IT services organization, also appear to have targeted a number of rival providers, including Infosys and Cognizant, new evidence suggests. The signs so far point to the work of a fairly experienced crime group that is focused on committing gift card fraud.

On 15 April, an online website reported that multiple sources were describing a cybersecurity breach at Wipro, a major trusted vendor of IT outsourcing for U.S. organizations. The story confirmed reports from numerous anonymous sources who said Wipro’s trusted networks and systems were being used to launch cyber-attacks against the organization’s clients. The incident has left a question mark over Wipro’s IT services.

If one inspects the subdomains tied to just one of the malicious domains mentioned in the IoC list (internal-message[.]app), one very interesting Internet address is linked to all of them: 185.159.83[.]24. This address belongs to King Servers, a well-known bulletproof hosting organization based in Russia.

According to records maintained by Farsight Security, that address is home to a number of other likely phishing domains. Some of them are listed here:

The subdomains associated with that address suggest the cybercriminals may also have targeted American retailer Sears; Green Dot, the world’s biggest prepaid card vendor; payment processing firm Elavon; hosting firm Rackspace; enterprise consulting firm Avanade; IT provider PCM; and French consulting organization Capgemini, among others. Experts say that incidents like this erode confidence in cybersecurity, as the Wipro case shows.
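The naming pattern described above, in which a trusted company's domain appears as the leading labels of a hostname that actually sits under an unrelated parent domain, can be checked for in DNS or proxy logs. The following is an added example, not part of the original article; the protected domains and log lines are constructed, and only internal-message[.]app comes from the text.

```python
# Added example (not from the original article). PROTECTED and SAMPLE_LOG are
# constructed; only internal-message[.]app is taken from the text above.
PROTECTED = {"example.com", "vendor.example"}  # assumption: domains you trust

SAMPLE_LOG = """\
2019-04-16T09:12:01Z 10.0.4.17 securemail.example.com.internal-message[.]app
2019-04-16T09:12:05Z 10.0.4.17 mail.example.com
2019-04-16T09:13:40Z 10.0.7.22 secure.vendor.example.internal-message[.]app
2019-04-16T09:14:02Z 10.0.7.22 www.example.org
"""

def refang(host):
    """Normalize a possibly defanged hostname for comparison."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def embedded_brand(host, protected=PROTECTED):
    """Return (brand, parent) if a protected domain is embedded under another parent."""
    name = refang(host)
    if any(name == p or name.endswith("." + p) for p in protected):
        return None  # genuinely under a protected domain: never flagged
    labels = name.split(".")
    for brand in sorted(protected):
        b = brand.split(".")
        for i in range(len(labels) - len(b)):  # stop before the tail
            if labels[i:i + len(b)] == b:
                return brand, ".".join(labels[i + len(b):])
    return None

def scan(log_text, protected=PROTECTED):
    """Return (client, host, brand, parent) for each suspicious DNS query."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()  # expected fields: timestamp, client, qname
        hit = embedded_brand(parts[2], protected) if len(parts) == 3 else None
        if hit:
            hits.append((parts[1], refang(parts[2])) + hit)
    return hits

def brands_by_parent(hits):
    """Group impersonated brands by parent; several under one parent suggests one campaign."""
    grouped = {}
    for _, _, brand, parent in hits:
        grouped.setdefault(parent, set()).add(brand)
    return {parent: sorted(b) for parent, b in grouped.items()}

if __name__ == "__main__":
    print(brands_by_parent(scan(SAMPLE_LOG)))
```
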

What else they did 

This shows that the attackers in this case are targeting organizations that, in one form or another, either have access to a ton of third-party resources or can themselves be abused to conduct gift card fraud.

Wednesday’s follow-up on the Wipro breach quoted an anonymous source close to the investigation as saying the criminals responsible for breaching Wipro appear to be after anything they can turn into cash fairly rapidly. That source, who works for a big U.S. retailer, said the crooks who broke into Wipro used their access to perpetrate gift card fraud at the vendor’s stores.

Another source said the investigation into the Wipro breach by a third-party organization has determined so far that the attackers compromised more than 100 Wipro systems and installed on each of them ScreenConnect, a legitimate remote access tool. Investigators believe the attackers were using the ScreenConnect software on the hacked Wipro systems to connect remotely to Wipro client systems, which were then used to leverage further access into Wipro clients’ networks.

This is curiously similar to activity that was directed against a U.S.-based organization in 2016 and 2017. In May 2018, Maritz Holdings Inc., a Missouri-based firm that manages customer loyalty and gift card programs for third parties, sued Cognizant, saying a forensic investigation determined that hackers used Cognizant’s resources in an attack on Maritz’s loyalty program that netted the attackers more than $11 million in fraudulent eGift cards.

That investigation found the attackers also used ScreenConnect to access computers belonging to Maritz employees. “This was the same feature that was used to effectuate the cyber-attack in Spring 2016. Intersec [the forensic investigator] also considered that the attackers had run searches on the Maritz system for specific words and phrases linked to the Spring 2016 attack.”

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.
