Wipro Intruders Targeted Other Major IT Organizations

Wipro's IT services are well known across India. The criminals responsible for launching the phishing operations that last month snared hundreds of employees and more than 100 systems at Wipro, India's third-largest IT services organization, also appear to have targeted a number of competing providers, including Infosys and Cognizant, new evidence suggests. The signs so far point to the work of a fairly experienced crime group that is focused on committing gift card fraud.

On 15 April, a website reported that multiple sources were describing a cybersecurity breach at Wipro, a major trusted vendor of IT outsourcing for U.S. organizations. The story confirmed reports from numerous anonymous sources who said Wipro's trusted networks and systems were being used to launch cyber-attacks against the organization's clients. The incident has left a question mark over Wipro's IT services.

If one inspects the subdomains tied to just one of the malicious domains mentioned in the IoC list (internal-message[.]app), one very interesting Internet address is linked to all of them: 185.159.83[.]24. This address is maintained by King Servers, a well-known bulletproof hosting organization based in Russia.

According to records maintained by Farsight Security, that address is home to a number of other likely phishing domains. Some of them are listed here:

securemail.pcm.com.internal-message[.]app
secure.wipro.com.internal-message[.]app
securemail.wipro.com.internal-message[.]app
secure.elavon.com.internal-message[.]app
securemail.slalom.com.internal-message[.]app
securemail.avanade.com.internal-message[.]app
securemail.infosys.com.internal-message[.]app
securemail.searshc.com.internal-message[.]app
securemail.capgemini.com.internal-message[.]app
securemail.cognizant.com.internal-message[.]app
secure.rackspace.com.internal-message[.]app
securemail.virginpulse.com.internal-message[.]app
secure.expediagroup.com.internal-message[.]app
securemail.greendotcorp.com.internal-message[.]app
secure.bridge2solutions.com.internal-message[.]app
ns1.internal-message[.]app
ns2.internal-message[.]app
mail.internal-message[.]app
ns3.microsoftonline-secure-login[.]com
ns4.microsoftonline-secure-login[.]com
tashabsolutions[.]xyz
www.tashabsolutions[.]xyz

The subdomains listed above suggest the cybercriminals may also have targeted American retailer Sears; Green Dot, the world's biggest prepaid card vendor; payment processing firm Elavon; hosting firm Rackspace; enterprise consulting firm Avanade; IT provider PCM; and French consulting organization Capgemini, among others. Experts say that such incidents erode confidence in cybersecurity, as seen in the case of Wipro.
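The hostnames above share one pattern: a real brand domain appears as the leading labels of a hostname whose actual parent is an unrelated domain. The following is an added example, not part of the original article, showing how a defender could flag that pattern in DNS or proxy logs; the watchlist, function names and the benign sample host are assumptions.

```python
# Added example (not from the original article): flag hostnames that carry a
# protected brand domain as leading labels under an unrelated parent domain.
PROTECTED = {"wipro.com", "infosys.com", "cognizant.com"}  # assumed watchlist

# Constructed sample: entries copied from the article's list plus a benign one.
SAMPLE_HOSTS = [
    "securemail.wipro.com.internal-message[.]app",
    "securemail.infosys.com.internal-message[.]app",
    "securemail.cognizant.com.internal-message[.]app",
    "mail.internal-message[.]app",
    "ns3.microsoftonline-secure-login[.]com",
    "secure.wipro.com",  # constructed benign host under the real domain
]

def refang(host):
    """Normalise a defanged indicator (e.g. 'x[.]app') for comparison only."""
    return host.replace("[.]", ".").replace(" ", "").lower().rstrip(".")

def embedded_brand(host, protected=PROTECTED):
    """Return the protected domain embedded in host, or None."""
    labels = refang(host).split(".")
    brands = [b.split(".") for b in sorted(protected)]
    # A host whose rightmost labels are a protected domain really is under it.
    if any(labels[-len(b):] == b for b in brands):
        return None
    for b in brands:
        # Slide over every window that does not end at the rightmost label.
        for i in range(len(labels) - len(b)):
            if labels[i:i + len(b)] == b:
                return ".".join(b)
    return None

def scan(hosts, protected=PROTECTED):
    """Return (host, impersonated_domain) pairs, keeping hosts as given."""
    hits = []
    for h in hosts:
        brand = embedded_brand(h, protected)
        if brand:
            hits.append((h, brand))
    return hits

if __name__ == "__main__":
    for host, brand in scan(SAMPLE_HOSTS):
        print(f"{host}  embeds  {brand}")
```

This check only catches a brand domain embedded label-for-label; lookalike names such as microsoftonline-secure-login[.]com contain no such labels and need separate keyword or similarity matching.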

What else they did 

This shows that the attackers in this case are targeting organizations that, in one form or another, have access to a large volume of third-party company resources and/or to companies that can be abused to conduct gift card fraud.

Wednesday's follow-up on the Wipro breach quoted an anonymous source close to the investigation as saying the criminals responsible for breaching Wipro appear to be after anything they can turn into cash fairly quickly. That source, who works for a big U.S. retailer, said the crooks who broke into Wipro used their access to perpetrate gift card fraud at the retailer's stores.

Another source said the investigation into the Wipro breach by a third-party organization has determined so far that the intruders compromised more than 100 Wipro systems and installed on each of them ScreenConnect, a legitimate remote access tool. Investigators think the intruders were using the ScreenConnect software on the hacked Wipro systems to connect remotely to Wipro client systems, which were then used to leverage further access into Wipro clients' networks.

This is curiously similar to activity directed against a U.S.-based organization in 2016 and 2017. In May 2018, Maritz Holdings Inc., a Missouri-based firm that manages customer loyalty and gift card programs for third parties, sued Cognizant, saying a forensic investigation determined that hackers used Cognizant's resources in an attack on Maritz's loyalty program that netted the attackers more than $11 million in fraudulent eGift cards.

That investigation found the attackers also used ScreenConnect to access computers belonging to Maritz employees. “This was the same feature that was used to effectuate the cyber-attack in Spring 2016. Intersec [the forensic investigator] also considered that the attackers had run searches on the Maritz system for specific words and phrases linked to the Spring 2016 attack.”

Ehacking Staff