Wipro is probing reports that its own IT system has been hacked and are being used to launch attacks against some of the company’s customers. The outsourcing firm has been dealing with multi-month intrusion from a state-sponsored hacker, as reported by cybersecurity portal KrebsOnSecurity.
The report said, citing two unidentified sources, that Wipro’s systems are being used as a jumping off point for exploits targeting at least a dozen client systems. Wipro’s customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro’s network, according to KrebsOnSecurity.
Further to this file folders found on the intruders back-end infrastructure were named after various Wipro clients and suggest that at least a dozen companies were attacked
“The company has robust internal processes and a system of advanced security technology in place to detect phishing attempts and protect itself from such attacks,” Wipro said in a statement to KrebsOnSecurity. “We constantly monitor our entire infrastructure at a heightened level of alertness to deal with any potential cyber threat.”
One source familiar with the forensic investigation at a Wipro customer said it appears at least 11 other companies were attacked, as evidenced from file folders found on the intruders’ back-end infrastructure that were named after various Wipro clients. That source declined to name the other clients.
Wipro is currently in the process of building out a new private email network because the intruders were believed to have compromised the company’s corporate email system for quite some time, another source told KrebsOnSecurity. The company is now telling concerned clients about specific “indicators of compromise,” or clues that might signal an attempted or successful intrusion.
(Image Courtesy: www.indianexpress.com)