Threat Management, Malware, Phishing

Researches: Wipro breach part of much larger gift card fraud operation


The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states.

What's more, the malicious activity bear certain hallmarks of a state-sponsored actor with financial motives, according to a new threat report from RiskIQ threat researchers Yonathan Klijnsma and senior Product Manager Steve Ginty. The report notes that one of the PowerShell scripts used by the group, BabySharkPro, is typically tied to North Korean threat activity – but its presence could be a false flag.

RiskIQ profiled the group by examining infrastructure overlap in PowerDNS, WHOIS records and SSL certificate data, according to a company press release. "The sheer scale of the infrastructure involved in this campaign and the concerted effort to attack so many different organizations at once is both impressive and disturbing," said Klijnsma in the release.

The group's April attack against Wipro has likely an attempt to expand its reach, the RiskIQ group asserts. Primarily, however, the group has targeted gift card retailers, distributors, and card processors. "With access to this gift card infrastructure, the attackers went on to use money transfer services, clearinghouses, and other payment processing institutions to monetize," the report concludes.

According to RiskIQ, the group has borrowed phishing templates from legitimate security awareness training provider Lucy Security to create their own phishing forms, and has used the digital marketing solutions Socialab, SendGrid and Campaign Monitor for phishing email link-tracking. The actors also have leveraged the legitimate tools ScreenConnect and EMCO Remote Installer to remotely control compromised machines and deploy tools across impacted networks, the report continues.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.