The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states.
What's more, the malicious activity bears certain hallmarks of a state-sponsored actor with financial motives, according to a new threat report from RiskIQ threat researchers Yonathan Klijnsma and senior Product Manager Steve Ginty. The report notes that one of the PowerShell scripts used by the group, BabySharkPro, is typically tied to North Korean threat activity – but its presence could be a false flag.
RiskIQ profiled the group by examining infrastructure overlap in PowerDNS, WHOIS records and SSL certificate data, according to a company press release. "The sheer scale of the infrastructure involved in this campaign and the concerted effort to attack so many different organizations at once is both impressive and disturbing," said Klijnsma in the release.