The compromise was ongoing as of this article's publication, according to RiskIQ.
Scammers seem only to be accelerating their attacks as attention grows.
The crooks are scanning the web for vulnerable Amazon Web Services S3 buckets, according to security vendor RiskIQ.
RiskIQ has found at least five different attack campaigns tied to the perpetrators of the apparent Wipro breach.
Flashpoint detailed an active Magecart-style campaign sweeping up data from more than 100 sites.
The attack bears similarity to Magecart activity, but researchers say a new Magecart group is behind it.