The Wipro incident was only a small part of what emerged as an entire campaign. The group’s numerous concurrent attacks display hallmarks of some state-sponsored activity such as precision, organization and likely, a financial motive. One of the scripts used by the group, BabySharkPro, is often associated with North Korean threat activity. However, this may have been a false flag put in place to mislead researchers. The sheer scale of the infrastructure involved in this campaign is both impressive and disturbing.”]
Source: https://www.darkreading.com/abtv/phishing/wipro-breach-actually-a-whole-campaign/a/d-id/752452