Wipro investigates security breach believed to be perpetrated by state-sponsored attacker

Wipro systems compromised following phishing campaign used to target 'at least a dozen' clients, according to insiders

IT services firm Wipro has today admitted that some of its employee accounts may have been hacked following a phishing campaign targeting the company.

The admission follows a report by independent security journalist Brian Krebs, citing anonymous sources, that claimed that Wipro's security had been breached and were being exploited to launch supply chain attacks on some of Wipro clients.

Krebs claimed that a number of sources independently approached him earlier this month to suggest that not only had Wipro been compromised, but that the breach was being used to target some of the company's clients. Krebs added that the attack is believed to be linked to a state-sponsored attacker.

The intruders were thought to have compromised Wipro's corporate email system for some time

Krebs went public with his claims after Wipro failed to respond to his questions - instead providing only a bland PR statement about the company's IT security.

"One source familiar with the forensic investigation at a Wipro customer said it appears at least 11 other companies were attacked, as evidenced from file folders found on the intruders' back-end infrastructure that were named after various Wipro clients," wrote Krebs.

He continued: "Wipro is now in the process of building out a new private email network because the intruders were thought to have compromised Wipro's corporate email system for some time.

"The source also said Wipro is now telling concerned clients about specific ‘indicators of compromise', telltale clues about tactics, tools and procedures used by the bad guys that might signify an attempted or successful intrusion."

We detected potentially abnormal activity in a few employee accounts on our network

After Krebs published his report, Wipro has become more forthcoming. In a statement to Computing, it admitted that it had been attacked: "We detected potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign.

"Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact. We are leveraging our industry-leading cyber security practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture.

"We have also retained a well-respected, independent forensic firm to assist us in the investigation. We continue to monitor our enterprise and infrastructure at a heightened level of alertness."

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.