Wipro is probing reports that its own IT systems have been hacked and are being used to launch attacks against some of the company's customers.
KrebsOnSecurity reports that the Indian outsourcing giant has been dealing with a multi-month intrusion from a state-sponsored hacker, according to two independent sources. The sources indicated that Wipro's systems are being used as a jumping off point for exploits targeting at least a dozen client systems.
Wipro's customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro's network, according to KrebsOnSecurity. File folders found on the intruders' back-end infrastructure were named after various Wipro clients, a source told KrebsOnSecurity, and suggest that at least a dozen companies were attacked.
Wipro didn't directly address KrebsOnSecurity questions about the breach, and didn't immediately respond to a request for comment from CRN USA.
"The company has robust internal processes and a system of advanced security technology in place to detect phishing attempts and protect itself from such attacks," Wipro said in a statement to KrebsOnSecurity. "We constantly monitor our entire infrastructure at a heightened level of alertness to deal with any potential cyber threat."
Wipro is currently in the process of building out a new private email network because the intruders were believed to have compromised the company's corporate email system for quite some time, another source told KrebsOnSecurity. The company is now telling concerned clients about specific "indicators of compromise," or clues that might signal an attempted or successful intrusion.
In an interview with CRN USA last week, Wipro president Rajan Kohli identified cybersecurity as one of the company's four main areas of investment thanks to the increased connectivity and digitisation of networks. Specifically, Kohli said that a lack of integration between established security products means that customers end up with a lot of data, but very little actionable insight.
"We’re building those dashboards, and building that glue that bind these various products, and helps clients make an actionable insight," Kohli said. The time to response becomes very critical to cybersecurity."
O'Ryan Johnson contributed to this story.
UPDATE, 4PM APRIL 16th.
A Wipro spokesperson has contacted CRN's sibling publication iTnews.com.au with the following statement:
“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign.
Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.
We are leveraging our industry-leading cyber security practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture.
We have also retained a well-respected, independent forensic firm to assist us in the investigation.
We continue to monitor our enterprise and infrastructure at a heightened level of alertness.”