{"id":27499,"date":"2019-06-26T12:30:13","date_gmt":"2019-06-26T12:30:13","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/"},"modified":"2019-06-26T12:30:13","modified_gmt":"2019-06-26T12:30:13","slug":"wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/","title":{"rendered":"Wipro wasn&#8217;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers"},"content":{"rendered":"<div readability=\"31.212996389892\">\n<h2>Thanks in large part to a counter-phishing product. Doh!<\/h2>\n<p> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/10\/17\/hacker_shutterstock.jpg?x=442&amp;y=293&amp;crop=1\" alt=\"hacker\" width=\"442\" height=\"293\" class=\"article_img\"><\/p>\n<p>If the Wipro hackers didn&#8217;t have black hoodies, we should have a whip-round&#8230;<\/p>\n<\/div>\n<div id=\"body\" readability=\"146.13686440678\">\n<p>The criminals behind the Wipro phishing attack from earlier this year also targeted Western Union, Expedia, Rackspace and a whole host of other big companies, according to threat intel outfit RiskIQ.<\/p>\n<p>In a report published this morning the firm said the Wipro attackers were running a much larger series of phishing campaigns, aimed at extracting cash from hapless businesses whose files had been forcibly encrypted.<\/p>\n<p>Indian outsourcing behemoth Wipro <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2019\/04\/16\/wipro_confirms_flushing_phishers_from_systems\/\" rel=\"noopener noreferrer\">discovered earlier this year that its email systems had been compromised<\/a>, seemingly for some time, by black hats using it as a jumping-off point to target Wipro customers.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/08\/04\/shutterstock_fish_hook_phish.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Fish hook in a clear light blue tropical ocean. Photo by Shutterstock\"><\/p>\n<h2 title=\"Reported to be stepping stone for attacks on customers\">Indian outsourcing giant Wipro confirms flushing phishers from systems<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2019\/04\/16\/wipro_confirms_flushing_phishers_from_systems\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>RiskIQ said it had \u201cidentified at least five distinct attack campaigns based off analysis of the actor-owned infrastructure,\u201d having analysed \u201cboth Passive DNS and SSL certificate data\u201d.<\/p>\n<p>Targeted companies included Western Union, Moneygram, Rackspace, Capgemini, Wipro, Staples, Costco, Expedia, Virgin Pulse, Messagelab and Sendgrid.<\/p>\n<p>A reasonably sophisticated group* with some knowledge of how to cover their traces were behind the attacks \u2013 and were said to have used off-the-shelf phishing templates to compromise the Indian outsourcer, as well as hitting a number of other companies.<\/p>\n<p>Those templates appeared to have been drawn from a counter-phishing training product marketed by Swiss pentesting firm Lucy Security \u2013 though Lucy has strenuously denied to <em>The Register<\/em> that one of its software products was used in the Wipro compromise.<\/p>\n<p>Templates from a Lucy counter-phishing training product were identical to those used by the Wipro attackers, according to RiskIQ, which said in its report: &#8220;Lucy comes with a variety of default phishing templates, and one of these templates was used during most of the phishing campaigns \u2013 including the now notorious Wipro case.&#8221;<\/p>\n<p>&#8220;There is no evidence that [the hackers] used Lucy software, other than using the template design, and our analysis demonstrates significant evidence to the contrary,&#8221; said Colin Bastable, chief exec of Lucy Security. FireEye, which also investigated the group behind the Wipro hack following infosec journalist Brian Krebs&#8217; work to reveal it in the first place, concurred with Bastable in that Lucy&#8217;s software itself did not appear to have been used by the crims.<\/p>\n<p>FireEye&#8217;s CTO of strategic services, Charles Carmakal, told <em>The Register<\/em>: &#8220;The actor commonly uses public or commercially available tools that may already exist in victim environments, such as ScreenConnect, EMCO Remote Installer, CleverControl, Teramind, and Kaseya, to maintain persistence and move laterally.&#8221;<\/p>\n<h3 class=\"crosshead\"><span>Powershell and Mimikatz<\/span><\/h3>\n<p>The Wipro attackers first appeared in May 2016, according to RiskIQ, and went in four distinct waves, mainly targeting services-based businesses such as digital marketing agencies, IT firms, point-of-sale and payment transfer companies and gift card providers. Later waves of attacks retargeted some of the same companies, though each wave saw around 20 to 25 separate businesses being phished.<\/p>\n<p>Those phishing pages were online for just a couple of days \u2013 long enough for targeted victims to see the pages but short enough, so the attackers hoped, to evade detection and takedown.<\/p>\n<p>Having phished their way into the target company, the attackers would then deploy and use the Screenconnect remote control tool, as well as the EMCO Remote Installer. Once Screenconnect was in place on a machine inside the target, the hackers then ran &#8220;small PowerShell scripts to rename the ScreenConnect product name on compromised machines.&#8221;<\/p>\n<p>That Powershell script, named Babysharkpro by the criminals, would also execute a custom Mimikatz build in memory, which would dump the credentials of recently logged-in users on that particular device. Mimikatz is rather popular at the moment among black hats, as <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2019\/06\/25\/global_telcos_hacked\/\" rel=\"noopener noreferrer\">a number of telcos around the world recently found out the hard way<\/a>.<\/p>\n<p>&#8220;The fact that it was custom-compiled makes it an interesting sample \u2013 it does not ever hit the filesystem, as it is executed in memory only,&#8221; commented RiskIQ.<\/p>\n<p>RiskIQ&#8217;s previous research includes a plausible explanation for the British Airways hack (<a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/09\/11\/british_airways_website_scripts\/\" rel=\"noopener noreferrer\">compromised JS on the airline&#8217;s credit card payment page<\/a>) as well as detailed tracking of <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/09\/20\/newegg_hacked_magecart\/\" rel=\"noopener noreferrer\">miscreants using the Magecart malware<\/a>. \u00ae<\/p>\n<h3 class=\"crosshead\"><span>Bootnote<\/span><\/h3>\n<p>* Although RiskIQ named what appeared to be two individuals it had identified from Whois records linked to domains used to host early iterations of their ransomware&#8217;s command-and-control infrastructure, <em>El Reg<\/em> has decided not to reproduce those names or details. There is, after all, little to suggest that those identities themselves hadn&#8217;t been stolen by the criminals.<\/p>\n<\/div>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2019\/06\/26\/wipro_hack_crew_much_bigger_operation_riskiq\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thanks in large part to a counter-phishing product. Doh! The criminals behind the Wipro phishing attack from earlier this year also targeted Western Union, Expedia, Rackspace and a whole host of other big companies, according to threat intel outfit RiskIQ.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":27500,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-27499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Wipro wasn&#039;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Wipro wasn&#039;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-26T12:30:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"442\" \/>\n\t<meta property=\"og:image:height\" content=\"293\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Wipro wasn&#8217;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers\",\"datePublished\":\"2019-06-26T12:30:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/\"},\"wordCount\":762,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/\",\"name\":\"Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg\",\"datePublished\":\"2019-06-26T12:30:13+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg\",\"width\":442,\"height\":293},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Wipro wasn&#8217;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/","og_locale":"en_US","og_type":"article","og_title":"Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-06-26T12:30:13+00:00","og_image":[{"width":442,"height":293,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Wipro wasn&#8217;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers","datePublished":"2019-06-26T12:30:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/"},"wordCount":762,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/","url":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/","name":"Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg","datePublished":"2019-06-26T12:30:13+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers.jpg","width":442,"height":293},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/wipro-wasnt-a-one-off-same-hacking-crew-targeted-scores-of-firms-big-and-small-researchers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Wipro wasn&#8217;t a one-off: Same hacking crew targeted scores of firms, big and small \u2013 researchers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=27499"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27499\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/27500"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=27499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=27499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=27499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}