Wipro Attackers Targeted Other Major IT Organizations

Wipro's IT services are well known across India. The criminals responsible for launching the phishing campaign that ensnared hundreds of employees and more than 100 of the organization's systems last month at Wipro, India’s third-largest IT services organization, also appear to have targeted a number of competing providers, including Infosys and Cognizant, new evidence suggests. The signs so far point to a fairly experienced crime group that is focused on committing gift card scams.

On 15th April, an online website reported that multiple sources were describing a security breach at Wipro, a major trusted vendor of IT outsourcing for U.S. organizations. The story cited reports from numerous anonymous sources who said Wipro’s trusted networks and systems were being used to launch cyber-attacks against the organization’s clients. The incident has put a question mark over Wipro's IT services.

If one inspects the subdomains tied to just one of the malicious domains mentioned in the IoC list (internal-message[.]app), one very interesting Internet address is linked to all of them: 185.159.83[.]24. This address belongs to King Servers, a well-known bulletproof hosting organization based in Russia.

According to records maintained by Farsight Security, that address is home to a number of other likely phishing domains. Some of them are mentioned here:


The subdomains listed above suggest the cybercriminals may also have targeted American retailer Sears; Green Dot, the world’s biggest prepaid card vendor; payment processing firm Elavon; hosting firm Rackspace; business consulting firm Avanade; IT provider PCM; and French consulting organization Capgemini, among others. Experts say that incidents like this erode confidence in cybersecurity, as seen in the case of Wipro's IT services.
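The pivot described above (IoC domain, to hosting IP, to co-hosted hostnames, to the organizations named in their subdomain labels) can be reproduced by a defender over exported passive-DNS records. This is an added example, not code from the article or from Farsight Security; the records are constructed, and apart from internal-message[.]app and 185.159.83[.]24 every hostname, label and address in it is a placeholder.

```python
from collections import defaultdict

# Constructed passive-DNS rows (hostname, IP), defanged as in an IoC list.
# Only internal-message[.]app and 185.159.83[.]24 appear in the article; all
# subdomain labels and every other domain and address are made-up placeholders.
PDNS_ROWS = [
    ("login.internal-message[.]app", "185.159.83[.]24"),
    ("sears.secure-portal[.]example", "185.159.83[.]24"),
    ("mail-rackspace.notice-hub[.]example", "185.159.83[.]24"),
    ("www.unrelated-shop[.]example", "198.51.100[.]7"),
]
WATCHLIST = ["sears", "rackspace", "capgemini"]  # organizations to look for


def refang(indicator):
    """Turn 'internal-message [.]app' into 'internal-message.app'."""
    return indicator.replace("[.]", ".").replace(" ", "").lower()


def pivot(rows, seed_domain):
    """Map each IP serving the seed domain to every hostname seen on it."""
    seed = refang(seed_domain)
    clean = [(refang(host), refang(ip)) for host, ip in rows]
    seed_ips = {ip for host, ip in clean
                if host == seed or host.endswith("." + seed)}
    cohosted = defaultdict(set)
    for host, ip in clean:
        if ip in seed_ips:
            cohosted[ip].add(host)
    return dict(cohosted)


def flag_brands(hosts, watchlist):
    """Return {brand: hostnames} where a subdomain label names the brand."""
    hits = defaultdict(set)
    for host in hosts:
        # Look only at labels left of the registered domain (naive two-label
        # split; production code should use the Public Suffix List).
        tokens = {tok for label in host.split(".")[:-2]
                  for tok in label.split("-")}
        for brand in watchlist:
            if brand in tokens:
                hits[brand].add(host)
    return dict(hits)
```

A brand match on a shared IP is a lead for notification and blocking, not proof of compromise; confirm against mail and proxy logs before escalating.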

What else they did 

It appears the attackers in this case are targeting organizations that in one form or another have access to either a ton of third-party organization resources and/or organizations that can be abused to conduct gift card scams.

Wednesday’s follow-up on the Wipro breach quoted an anonymous source close to the investigation saying the criminals responsible for breaching Wipro appear to be after anything they can turn into cash fairly quickly. That source, who works for a big U.S. retailer, said the crooks who broke into Wipro used their access to perpetrate gift card scams at the retailer’s stores.

Another source said the investigation into the Wipro breach by a third-party organization has determined so far that the attackers compromised more than 100 Wipro systems and installed on each of them ScreenConnect, a legitimate remote access tool. Investigators believe the attackers were using the ScreenConnect software on the hacked Wipro systems to connect remotely to Wipro client systems, which were then used to leverage further access into Wipro clients’ networks.

It is strikingly similar to activity directed against a U.S.-based organization in 2016 and 2017. In May 2018, Maritz Holdings Inc., a Missouri-based firm that manages customer loyalty and gift card programs for third parties, sued Cognizant (PDF), saying a forensic investigation determined that hackers used Cognizant’s resources in an attack on Maritz’s loyalty program that netted the attackers more than $11 million in fraudulent eGift cards.

That investigation determined the attackers also used ScreenConnect to access PCs belonging to Maritz employees. “This was the same feature that was used to effectuate the cyber-attack in Spring 2016. Intersec [the forensic investigator] also considered that the attackers had run searches on the Maritz system for specific words and phrases linked to the Spring 2016 attack.”

Ehacking Staff