Group behind the Wipro hack has been active since 2015.
Flashpoint researchers have published their findings on the threat actors behind the Wipro hack. The researchers identified a number of indicators connecting the attack to phishing attachments and infrastructure used to carry out previous attack campaigns in 2017 and 2015. The Wipro hack and subsequent attacks against Wipro’s customers look like gift-card fraud. Flashpoint says the attackers sought access to the portals managing gift card and rewards programs at the targeted organizations. Threatpost reports that the group appears to be organized and sophisticated, although the attack itself wasn't "particularly advanced." The hoods used a number of legitimate red-teaming and remote administration tools to breach companies and conduct reconnaissance. The group's strengths are "strong understanding of corporate relationships and environments as well as considerable attack infrastructure."