Indian IT outsourcing and consulting giant Wipro notified the company was recently breached after a state-sponsored phishing attack was launched against it. The company stated that it was ‘dealing with a multi-month intrusion from an assumed state-sponsored attacker,’ in a recent statement.
“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign. Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact,” Wipro Ltd said in a statement to Economic Times.
The attack surfaced at its headquarters in the Indian city of Bengaluru. Wipro traced malicious activity on the network and the company have begun a forensic investigation of the incident. “We are leveraging our industry-leading cybersecurity practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture. We have also retained a well-respected, independent forensic firm to assist us in the investigation. We continue to monitor our enterprise and infrastructure at a heightened level of alertness,” the statement added.
According to reports from Kerbs On Security, “One source familiar with the forensic investigation at a Wipro customer said it appears at least 11 other companies were attacked, as evidenced from file folders found on the intruders’ back-end infrastructure that were named after various Wipro clients.”
Wipro is now in the process of building out a new private email network because the intruders were thought to have compromised Wipro’s corporate email system for some time. The source also said Wipro is now telling concerned clients about specific ‘indicators of compromise’, telltale clues about tactics, tools and procedures used by the bad guys that might signify an attempted or successful intrusion.”