
Wipro phishing attack was conducted using ScreenConnect and Powerkatz tools, indicates new intel

  • ScreenConnect is a remote access tool (RAT) used for remote meetings.
  • Powerkatz is a PowerShell version of Mimikatz.

New intelligence has recently emerged about the actors behind the attack on Wipro, India’s largest IT outsourcing and consulting organization. It indicates that the attack was conducted using ScreenConnect and Powerkatz.

What does the new update say?

Researchers from threat-intelligence firm Flashpoint have disclosed that the group behind the Wipro attack has links to a phishing campaign dating back to 2017. The campaign focused on gathering credentials to gain access to corporate sites for administering gift cards and reward programs.

The experts further note that the group has been active since 2015 and usually re-uses infrastructure from its older attacks. It is believed that the ultimate goal of the group behind the Wipro attack was to conduct gift-card fraud.

What tools were used against Wipro?

According to Flashpoint researchers, the attackers used two pen-testing tools – ScreenConnect and Powerkatz – to launch the attack against Wipro. While ScreenConnect is a remote access tool (RAT) used for remote meetings, Powerkatz is a post-exploitation tool used to search memory for credentials, tokens, and other artifacts related to authentication.

Powerkatz is a PowerShell version of Mimikatz.

Flashpoint analyzed malicious domains, IP addresses, hashes and filenames related to the attack and found IoCs that link the group with at least 48 other targets between 2015 and 2019. The company’s research highlights that at least half a dozen domains connected to the Wipro attack were linked to past campaigns.

These malicious domains were used to steal victims’ Windows usernames and passwords.

“Of the malicious domains and IP addresses, hashes, and file names, Flashpoint analysts were able to determine that a half-dozen were phishing domains hosting templates consistent with credential phishing attempts. The templates sought victims’ Windows usernames and passwords in order to allegedly access encrypted email,” researchers noted.

Imminent Monitor RAT also used

Flashpoint analysts also found evidence of attempts to spread malware called Imminent Monitor, a remote administration tool. The malware links the attack to other attack campaigns that used PowerShell scripts. It is a common tactic used by the group to compromise systems.
