The high-profile cyber attack on Wipro that reportedly involved at least a dozen of its clients “did not impact the company’s ongoing critical business operations,” according to a letter the Indian IT firm sent to managers of the stock exchanges where it’s traded.
Wipro also said that it learned of the attack “about 10 days ago” or the the same day that KrebsOnSecurity said it first reached out to the company, according to an 19 April letter sent to managers at the New York Stock Exchange, Bombay Stock Exchange and National Stock Exchange of India,
KrebsOnSecurity broke the story on 15 April that Wipro’s network along with a dozen of its customers had been hit, and it was in the process of building out a new email system as part of the response.
Wipro said in the letter that upon learning of the attack it began investigating, identified and isolated employee accounts that were hit, took remedial steps to contain the threat, and “mitigate any potential effects of the incident.”
“The company has used its industry leading Cyber Security practices and partner ecosystem for remedial steps and has shared this intelligence with its partners to develop the AntiVirus signatures. The same has been applied to our enterprise systems,” Wipro said in its letter, published Monday in a filing with the SEC.
“We are collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing our security posture. We continue to monitor our enterprise infrastructure at heightened level of alertness. We would like to clarify that the incident did not impact the company’s ongoing critical business operations.”
The attack has been described by Wipro executives as an “advanced phishing campaign” against “a few” of its employees.
KrebsOnSecurity said one attack happened on 11 March, while another campaign ran from 16 March to 19 March, meaning that according to the company’s timeline it was not aware that its systems had been attacked for 29 days, according to their letter.
As news of the attack spread last week, the number of victims also appeared to blossom to include other IT mainstays such as Avenade, and Capgemini, which both confirmed to CRN USA that they had been targeted, but had successfully fended off the attack.
An Avanade spokesperson confirmed it was also a target of the multi-company security incident, with 34 of the company's employees being impacted in February. The US$2 billion company employs 30,000 professionals.
However, the spokesperson said there was no impact to Avanade's client portfolio or sensitive customer data since the company was able to swiftly contain and remediate the situation by leveraging its cyber incident response efforts and technologies. And a review by the Microsoft-Accenture joint venture concluded that the February breach was an isolated incident, the spokesperson said.
Similarly, Capgemini said its internal Security Operations Centre (SOC) detected suspicious activity on a "very limited number" of laptops and servers between 4 March and 19 March, however the attack was stopped with immediate remedial action, and had no impact on business, the company said.