-
Featured services
Harness innovation to deliver value
Ensure short-term stability as you design a roadmap for new use cases in your industry with emerging technologies.
Explore Connected Industries -
Services
Leverage our capabilities to accelerate your business transformation.
-
Services
Network as a Service
Popular Products
-
Private 5G
Our turnkey private 5G network enables custom-built solutions that are designed around unique use cases and strategies, and deployed, run and optimized through a full network-as-a-service model.
-
Managed Campus Networks
Our Managed Campus Networks services transform campus networks, corporate area networks and interconnected local area networks, and connect smart places and industries.
-
-
Services
Cloud Services
Popular Products
-
Cloud Migration and Transformation Services
Access the people, processes and technologies you need to deliver cloud migration projects that improve your return on investments.
-
Site Reliability Engineering Services
Get the most from your cloud investments when you harness our Site Reliability Engineering Services to support app development and lifecycle management.
-
-
Services
Edge as a Service
Client stories
-
Penske Entertainment and the NTT INDYCAR SERIES
Together with Penske Entertainment, we’re delivering digital innovations for their businesses – including INDYCAR, the sanctioning body of the NTT INDYCAR SERIES – and venues such as the iconic Indianapolis Motor Speedway, home to the Indianapolis 500.
-
Using private wireless networks to power IoT environments with Schneider Electric
Our combined capabilities enable a secure, end-to-end digital on-premises platform that supports different industries with the benefits of private 5G.
-
-
Services
Technology Solutions
-
Services
Global Data Centers
-
Services
Digital Collaboration and CX
IDC MarketScape: Worldwide Datacenter Services 2023 Vendor Assessment
We provide a new kind of intelligent infrastructure to deliver better outcomes through technology.
Get the IDC MarketScape -
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
Copilot for Microsoft 365
Everyone can work smarter with a powerful AI tool for everyday work.
Explore Copilot today -
-
Global Employee Experience Trends Report
Excel in EX with research based on interviews with over 1,400 decision-makers across the globe.
Get the EX report -
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
NTT DATA and HEINEKEN
HEINEKEN revolutionizes employee experience and collaboration with a hybrid workplace model.
Read the HEINEKEN story -
- Careers
Topics in this article
Jacob Faires, Senior Threat Research Analyst, NTT The Global Threat Intelligence Team (GTIC) monitors active malware campaigns all over the world. The Obasi campaign, named after one of the threat actors, is an active campaign we are currently tracking. This campaign led us to a new Agent Tesla sample that pivoted to a new mailbox not currently being used by any of the other actors of the Obasi campaign.
bk@ibekamine[.]com
The bk@ email is being used for exfiltration by Agent Tesla malware samples. Originally, GTIC thought the address was being managed by the threat actor Zeel Ken Obasi. Further research showed it was a different individual from the same region.
It is common practice for threat actors to send test emails to test the functionality of malware samples. The initial Agent Tesla test email was from a UK IP address (31.3.251.197). After the initial test email, all following IPs point to Lagos, Nigeria as the location of the actor.
105.112.112.57
105.112.112.78
105.112.112.103
105.112.112.195
105.112.113.12
105.112.113.92
105.112.113.134
105.112.114.55
105.112.114.117
105.112.114.201
105.112.120.27
105.112.121.167
Other logs showed similarities to the Obasi campaign:
- Typo squatting and spear phishing
- DNS hosting providers
- Delivery of Agent Tesla
- SMTP exfiltration traffic over port 587 without TLS
- This includes login information. SMTP and IMAP credentials were in clear text.
- Auto forwarding logs
- Unlike Obasi’s campaigns, these logs are primarily forwarded to a Yandex account instead of a mail.ru account.
Operational security (OPSec)
As in the case of Obasi, the actor ran their keylogger malware on themselves. Logs containing information about the actor's machine were found in the mail account. Following the compromised actor’s actions showed them adding a friend, Okoronkwo David, to compromised Facebook accounts.
This led to the Facebook profile for Okoronkwo David.
https://www.facebook.com/kwasky
While it’s possible that this account is fake and managed by the threat actor as a fake persona, the possibility is very low. Other indicators in the campaign show extremely low levels of OPSec, and security in general, practiced by the actor. Passwords are variations on the actor's name and the Agent Tesla sample pre-FUD has the filename kwasky.exe, which is the nickname ascribed to the Facebook page.
IOCs
IPs
31.3.251.197
105.112.112.57
105.112.112.78
105.112.112.103
105.112.112.195
105.112.113.12
105.112.113.92
105.112.113.134
105.112.114.55
105.112.114.117
105.112.114.201
105.112.120.27
105.112.121.167
Domains
smtp.ibemakine.com
Email Addresses
SHA-256
c2c1eaf0012413da59fcce9dbf7eea9b72ab45dbb3d17429fe988158a2e5783d
d263aec0a4d338110aaae8c8ed928d7ef52e87a2fecda08663e4600f57c2a4b7
3999d4d2a2422a55d8c2b0abe9dea38443e42a21dc959d69d2c927cb2ae82db4
6fa5c0456337d4d86aeb7831f6396a8da488dab75fa6cc658c2b4f80cc379465
01da3d69232d85e63cf4a972c62271ba6163af065c146541570b62decb963ab0
19fab115271f6e556f2914eb3cdc32311d886bee1b15f0d151ae72211de31228