Attackers breached Wipro employee accounts and IT systems to launch attacks against its clients

• Multiple anonymous sources suggest that the hacked employee accounts and IT systems are being used to launch attacks against some of the company’s clients.
• One source familiar with the forensic investigation revealed that at least 11 other companies were attacked, as evidenced from file folders found on the attackers’ back-end infrastructure that were named after various Wipro clients.

What is the issue - Indian IT services firm Wipro has disclosed today that some of its employee accounts might have been compromised due to an advanced phishing campaign.

Why it matters - Multiple anonymous sources suggest that the hacked employee accounts and IT systems are being used to launch attacks against some of the company’s clients.

The big picture

Anonymous sources said that the compromised IT systems were used to target at least a dozen Wipro customer systems. However, Wipro has not commented on this.

“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” Wipro told Reuters.

Upon learning about the employee accounts breach, the Indian IT firm has hired an independent forensic firm to assist in the investigation.

More companies targeted

However, one source familiar with the forensic investigation revealed that at least 11 other companies were attacked, as evidenced from file folders found on the attackers’ back-end infrastructure that were named after various Wipro clients.

Another trusted source told KrebsOnSecurity that Wipro is now creating a new private email network is now notifying the potentially affected clients about specific “indicators of compromise,” used by threat actors that might signify an attempted or successful intrusion.

“The other source said Wipro is now in the process of building out a new private email network because the intruders were thought to have compromised Wipro’s corporate email system for some time,” KrebsOnSecurity said in a blog.