In April 2019, Krebs reported that Wipro, an Indian IT outsourcing company, was the victim a successful cyber attack by suspected state-sponsored actors. The actors leveraged ScreenConnect, a remote administration tool, to gain access to various Wipro systems which were then used as launching points for additional attacks against Wipro’s customers. The follow-on attacks consisted of a phishing campaign capturing data as part of gift card fraud operation.
Additional open sources reported this attack to be part of a larger campaign targeting other major IT firms including Infosys and CapGemini. This report provides analysis on the attack infrastructure and identified targets.
For full Report: link: TIR-19-115-001.pdf