https://www.darkreading.com/attacks-breaches/attackers-used-red-team-pen-testing-tools-to-hack-wipro/d/d-id/1334586 By Robert Lemos Dark Reading 5/1/2019 The breach of outsourcing firm Wipro is a cybercriminal operation using tools common to red teams and penetration testers and has likely been active as far back as 2015, according to an analysis published by threat-intelligence firm Flashpoint. The group behind the breach has links to a phishing campaign that focuses on gathering credentials to gain access to corporate sites for administering gift card and reward programs, two researchers with threat-intelligence firm Flashpoint stated in the analysis. The attackers used ScreenConnect, a remote access tool (RAT) often used by penetration testers in support engagements, and Powerkatz, a post-exploitation tool often used by red teams, says Jason Reaves, a principal threat researcher at Flashpoint. "The tools used to breach companies are common to pen-testing and red teams," he says. "The actors perform recon like traditional red teams and cloak themselves within that environment. They have a preference for the ScreenConnect utility but also utilize RDP, which is common in most corporate environments." [...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
