Wipro endpoints that were seeded with ScreenConnect, a legitimate remote access tool sold by Connectwise.com. Investigators believe the intruders were using the ScreenConnect software on the hacked Wipro systems to connect remotely to Wipro client systems, which were then used to leverage further access into Wipro customer networks. Additionally, investigators found at least one of the compromised endpoints was attacked with Mimikatz, an open source tool that can dump passwords stored in the temporary memory cache of a Microsoft Windows device.
https://govanguard.com/threat-center/wp-content/uploads/sites/3/2018/07/banner_816x250_threat_color5.png 242 816 christian scott http://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png christian scott2019-04-19 13:23:202019-04-19 13:23:20Indicators from Wipro Breach
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com