The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states.
What’s more, the malicious activity bear certain hallmarks of a state-sponsored actor with financial motives, according to a new threat report from RiskIQ threat researchers Yonathan Klijnsma and senior Product Manager Steve Ginty. The report notes that one of the PowerShell scripts used by the group, BabySharkPro, is typically tied to North Korean threat activity – but its presence could be a false flag.
RiskIQ profiled the group by examining infrastructure overlap in PowerDNS, WHOIS records and SSL certificate data, according to a company press release. “The sheer scale of the infrastructure involved in this campaign and the concerted effort to attack so many different organizations at once is both impressive and disturbing,” said Klijnsma in the release.
The group ..
Support the originator by clicking the read the rest link below.
