Cyber attackers may have targeted IT majors InfosysNSE -0.97 %, Capgemini and Cognizant to access data of third-party company resources, according to cyber security blog KrebsOnSecurity, with Capgemini confirming to ET that it faced a pattern of attack similar to Wipro’s, but took quick remedial action.
KrebsOnSecurity founder Brian Krebs wrote on Friday that the “crooks responsible for launching phishing campaigns” in computer systems of WiproNSE 1.39 % last month “appear to have targeted” a number of other competing providers.
The blog first reported on Tuesday that Wipro was subject to a systematic attack “over months”, which the company said was a ‘zero-day attack’ that was thwarted and a forensic investigation launched to look into it.
A zero-day attack refers to any cyber attack conducted on the same day that a software vulnerability has been discovered and for which a patch had not been set up to counter effectively.
Capgemini’s internal security centre detected and monitored suspicious activity that showed similar patterns to the attack faced by Wipro, a company spokesperson confirmed in an email to ET.
“This occurred between March 4 and March 19. The activity concentrated on a very limited number of laptops and servers. Immediate remedial action took place. There has been no impact on us or on our clients to date,” the spokesperson added.
Cognizant said although it had seen no indication that any client data was compromised, it was “not unusual for a large company like Cognizant to be the target of spear phishing attempts such as this.”
“Since the criminal activity first surfaced earlier this week and following reports that another service provider’s email system was allegedly compromised, Cognizant’s security experts took immediate and appropriate actions including initiating a review,” a company spokesperson said, adding it has put “additional protocols in place related to this specific industry-wide incident.”
Infosys, the other company mentioned in Krebs’ blog, however said there was no breach in its network, “based on our monitoring and threat intel.”
“This has been ascertained through a thorough analysis of the indicators of compromise that we received from our threat intelligence partners,” the company said in a statement.
The clues so far suggested the “work of a fairly experienced crime group” that was focused on perpetrating gift card fraud, Krebs said in the blog post.
The attackers are targeting companies that, in one form or another, have access to a significant amount of third-party company resources, and/or companies that can be abused to conduct gift card fraud KrebsOnSecurity said it had found clues about tactics, tools and procedures used by the attackers that might signify an attempted or successful intrusion, and were linked to a hosting company in Russia.