I have been alerting clients that I know use Wipro, but may have missed some of you. It is being reported that IT outsourcing company Wipro Ltd. has been hacked through several phishing campaigns from what is believed to be a state-sponsored attacker.

According to recent reports, including KrebsOnSecurity, sources have stated that “Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems.” Apparently, at least 11 of Wipro’s customers have traced malicious and suspicious activity to systems that were communicating with Wipro’s network. It is disputed whether the attack lasted weeks or months.

According to Wipro, it was hit with a zero-day attack. Wipro has sent its affected clients a set of indicators of compromise, which include clues about the tactics, tools and procedures that the attackers use and may help clients determine whether they were compromised during the hop from Wipro’s system to a client’s system. A helpful Wipro client shared the indicators with Wipro, and Wipro then sent them to its other clients.

It is also being reported that the attack against Wipro was caused by a successful phishing email to one of Wipro’s employees, which was followed by several more successful phishing campaigns against other employees.

There is some concern that Wipro’s systems may still be compromised, so Wipro clients should be aware of this possibility, understand how it can be used to compromise their own systems, and prepare for it.

KrebsOnSecurity has published the indicators of compromise provided by Wipro clients, which can be accessed here.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chairs the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.