Wipro Computers Hacked: Cyber Attackers Active Since 2015


Wipro is one of India’s largest IT outsourcing and consulting organizations.

Flashpoint security researchers Jason Reaves, Joshua Platt and Allison Nixon claimed that the hackers have been active since 2015. The attackers allegedly used the remote access tool ScreenConnect to breach Wipro employee computers. Some of the malicious domains were hosting Powerkatz and PowerSploit scripts used in the attack.

The researchers said they linked the threat actors to other malicious activity dating back to 2017, and possibly 2015, as well as to the re-use of infrastructure from those older attacks. Last month, the malicious campaign targeted some Wipro employee accounts.

ScreenConnect is a remote access tool that can be used in support engagements or for remote meetings. Powerkatz is a PowerShell version of Mimikatz, a post-exploitation tool that is able to search memory for credentials, tokens, and other artifacts related to authentication. Powersploit, meanwhile, is a collection of PowerShell modules used during penetration-testing engagements to launch exploits at a target.

Flashpoint researchers’ analysis found that a half-dozen of the malicious domains were hosting templates consistent with credential phishing attempts. The templates asked for victims’ Windows usernames and passwords, allegedly in order to access encrypted email.

The threat actors targeted the credentials of victims—in various industries—likely in order to gain access to the portals managing their gift card and rewards programs.

Reaves and Platt told Threatpost that the event underscores the security implications of third-party relationships.

“While most organizations seek out various types of third-party support in order to gain access to certain resources, cut costs, and/or boost efficiency, among other reasons, it’s important to consider that third parties can also increase the vectors and/or footprint through which a potential attack could transpire,” they noted. “If an organization chooses to work with a third-party vendor with insufficient security practices or capabilities, it will face the risk of being impacted by that vendor’s security posture.”

“Wipro can confirm that it was among the targets of a coordinated and advanced phishing campaign reportedly directed against several companies. As soon as we became aware of the campaign, we began an investigation, identified potentially affected users, promptly informed the customers with whom these employees were engaged and began taking remedial steps to contain and mitigate any potential impact,” the spokesperson said to DarkReading.

“We have applied additional security measures to further strengthen our systems, and continue to monitor our enterprise infrastructure at a heightened level of alertness. We have engaged an independent forensic firm to assist us in the investigation, while our partners in the security domain who have an understanding of our operations are supporting us in the remediation efforts”.
