The cyber attackers of Wipro’s networks have been in operation since 2016, using open source, publicly available tooling, according to a security firm, RiskIQ. The attackers typically have used email marketing and analytics tools to develop phishing campaigns that would seem legitimate to their targets’ network security.
In the past, the hackers’ primary targets have included big gift card retailers, distributors and card processors. After getting access to the target’s system, the attackers use money transfer services, clearing houses and other payment processing firms to monetize the attack.
Yonathan Klijnsma, head researcher at RiskIQ, said the breach at India’s second-largest outsourcing firm was part of a broader targeting to expand its reach. RiskIQ believes the attackers wanted to have access to money outside the traditional financial ecosystem.