Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that have their own IT systems have been hacked and are used for launching attacks against some of the company's customers, multiple sources counting security.
Earlier this month, KrebsOnSecurity heard from two trusted sources that Wipro – India's third-largest IT outsourcing company – was dealing with a multi-month intrusion from an assumed state- sponsored attacks
Both speaks of condition of anonymity, said Wipro's systems were used as jumping-off points for digital fishing expeditions targeting at least a box of Wipro customer systems.
The security experts said Wipro's customers traced maliciously and suspiciously network reconnaissance activity back to partner systems that were communicating directly with Wipro's network.
On April 9, CancerCity reached out to Wipro for comment. That prompted an email on Apr. 1
On Friday, Apr. 12, Nair sent a statement that acknowledged none of the questions Wipro was asked about an alleged security incident involving attacks against its own customers.
"The company wrote a multilayer security system," the company wrote. “The company has robust internal processes and a system of advanced security technology in place to detect phishing attempts and protect itself from such attacks. We constantly monitor our entire infrastructure at heightened level of alertness to deal with any potential cyber threat. ”
Wipro has not responded to multiple additional requests for comment. Since then, two more sources with knowledge of the investigation have come forward to confirm the outlines of the incident described above.
One source familiar with the forensic investigation that a Wipro customer said it appears at least 11 Other companies were attacked, as evidenced by file folders found on the intruders' back-end infrastructure that were named after various Wipro clients. That source is called the other clients
The other source said Wipro is now in the process of building a new private email network because the intruders were thought to have compromised Wipro's corporate email system for some time. The source also said that clients are specific about indicators of compromise, counting about tactics, tools and procedures used by the bad guys that might signify an attempted or successful intrusion.
Wipro says it has more than 170,000 employees helping clients across six continents with Fortune 500 customers in healthcare, banking, communications and other industries. In March 2018, Wipro said it passed the $ 8 billion mark in annual IT services revenue.
The apparent breach comes with amid shifting fortunes at Wipro. On March 5, the State of Nebraska abruptly canceled a contract with Wipro after spending $ 6 million with the company. In September 2018, the Nebraska Department of Health and Human Services issued a lease and desist letter to Wipro, ordering it to stop work on the upgrade to the state's Medicaid enrollment system, and to vacate its state offices. Wipro is now suing Nebraska, saying its project was on schedule and on budget.
In August 2018, paid $ 75 million to settle over a SAP implementation that reportedly cost the National Grid hundreds of millions of dollars to fix
Another curious, if only coincidental, development: On April 4, 2019, the government of India sold "enemy" shares in Wipro worth approximately $ 166 million. According to this article in The Business Standard as a result, they were originally held by people who migrated to Pakistan or China and were no longer any citizens.
"A total of 44.4 million Shares, which were held by the Custodian of Enemy Property for India, were sold at Rs 259 apiece on the Bombay Stock Exchange, "The Business Standard reported. "The buyers were state-owned Life Insurance Corporation of India (LIC), New India Assurance and General Insurance Corporation. LIC ”
Wipro is expected to announce its fourth-quarter earnings report on Tuesday, April 16 (PDF)
Tags: Wipro data breach
You can skip to the end and leave a comment. Pinging is currently not allowed.