Indian Physical Security Company Compromise - Hadwise Technologies
On July 15, 2017, Wapack Labs identified, with high confidence, four compromised, keylogged email accounts belonging to an Indian physical security company, Hadwise Technologies Pvt. Ltd. These email accounts were used to collect information from multiple internal Hadwise systems and several external.
Between March 29 and April 4, 2017, Wapack Labs identified two computers logging into Wapack Labs-owned botnet and Advanced Persistent Threat (APT) sinkholes, indicating likely (but unconfirmed) compromises of the computers observed checking in. The combination of the two pieces of malware suggests that a remote access Trojan is deployed on one IP address, while malware used to spread infections is located on another. It is unclear if the two incidents are related.