Wipro Breached, Used As Launching Point For Customer Attacks: Report
Wipro has been dealing with a multi-month intrusion from a state-sponsored hacker, and had its systems used as a jumping off point for attacks targeting at least a dozen client systems, according to a KrebsOnSecurity report.
Wipro is probing reports that its own IT systems have been hacked and are being used to launch attacks against some of the company's customers, according to media reports.
Bengaluru, India-based IT outsourcing giant Wipro has been dealing with a multi-month intrusion from a state-sponsored hacker, two independent sources told KrebsOnSecurity. The sources indicated that Wipro's systems are being used as a jumping off point for exploits targeting at least a dozen client systems.
Wipro's customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro's network, according to KrebsOnSecurity. File folders found on the intruders' back-end infrastructure were named after various Wipro clients, a source told KrebsOnSecurity, and suggest that at least a dozen companies were attacked.
Wipro didn't directly address KrebsOnSecurity questions about the breach, and didn't immediately respond to a request for comment from CRN. The company's stock is down $0.09 (2.05%) to $4.30 in after-hours trading Monday.
"The company has robust internal processes and a system of advanced security technology in place to detect phishing attempts and protect itself from such attacks," Wipro said in a statement to KrebsOnSecurity. "We constantly monitor our entire infrastructure at a heightened level of alertness to deal with any potential cyber threat."
Wipro is currently in the process of building out a new private email network because the intruders were believed to have compromised the company's corporate email system for quite some time, another source told KrebsOnSecurity. The company is now telling concerned clients about specific "indicators of compromise," or clues that might signal an attempted or successful intrusion.
The reported breach at Wipro comes just four months after two hackers associated with Chinese advanced persistent threat (APT) group APT10 were indicted by the U.S. Department of Justice for attempting to break into more than 45 U.S. technology companies and U.S. government agencies, as well as several MSPs.
The only organization to voluntarily identify itself as a victim of APT10's multiyear "Operation Cloud Hopper" campaign was Visma, a $1 billion Norwegian business software provider. Reuters reported that the managed services businesses of Hewlett Packard Enterprise - which divested that part of its business in 2017 as part of a spin-in merger to form DXC Technology - and IBM were also among the IT firms breached by Chinese hackers in the attack.
In January 2019, the National Counterintelligence and Security Center launched a public campaign to educate businesses about the risks related to cyberattacks from foreign intelligence entities. The effort identified corporate supply chains as one of the primary targets, wherein threat actors attack a business' suppliers – including solution providers and MSPs – to gain access to the end client's corporate network.
In an interview with CRN last week, Wipro Digital President Rajan Kohli identified cybersecurity as one of the company's four main areas of investment thanks to the increased connectivity and digitization of networks. Specifically, Kohli said that a lack of integration between established security products means that customers end up with a lot of data, but very little actionable insight.
"We’re building those dashboards, and building that glue that bind these various products, and helps clients make an actionable insight," Kohli said. "The time to response becomes very critical to cybersecurity."
O'Ryan Johnson contributed to this story.