The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states.

What's more, the malicious activity bear certain hallmarks of a state-sponsored actor with financial motives, according to a new threat report from RiskIQ threat researchers Yonathan Klijnsma and senior Product Manager Steve Ginty. The report notes that one of the PowerShell scripts used by the group, BabySharkPro, is typically tied to North Korean threat activity – but its presence could be a false flag.

RiskIQ profiled the group by examining infrastructure overlap in PowerDNS, WHOIS records and SSL certificate data, according to a company press release. "The sheer scale of the infrastructure involved in this campaign and the concerted effort to attack so many different organizations at once is both impressive and disturbing," said Klijnsma in the release.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.