Wipro investigating potential breach of few employee accounts by "advanced phishing campaign", ropes in forensic firm
IT major Wipro Tuesday said a few of its employee accounts had been affected by an "advanced phishing campaign", and the company has taken remedial steps to contain its impact.
IT major Wipro Tuesday said a few of its employee accounts had been affected by an "advanced phishing campaign", and the company has taken remedial steps to contain and mitigate any potential impact. The Bengaluru-based company has also retained an independent forensic firm to assist in its investigation of the matter.
Cybersecurity blog KrebsOnSecurity had said that Wipro's systems had been breached and were being used to launch attacks against some of its clients. Wipro said it had detected a potentially abnormal activity in a few employee accounts on its network due to an advanced phishing campaign. Upon learning of the incident, the IT major said it promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact. Asked if there could be legal ramifications from the breach, Wipro CEO Abidali Z Neemuchwala answered in the negative.
See Zee Business Live TV streaming below:
"...As part of standard protocol, we inform those customers, make sure there is no impact on them. So between the chief information security officer of Wipro and those customers, there are regular conversation which happen and the industry works together in a cooperative manner because bad actors continue to try to attack various enterprises," he said. Neemuchwala said the alert was detected about a week ago and Wipro has informed the "handful customers" with whom it believes the said employees of Wipro were associated.
Wipro said it is leveraging its cyber-security practices and collaborating with its partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture.
"We have also retained a well-respected, independent forensic firm to assist us in the investigation. We continue to monitor our enterprise and infrastructure at a heightened level of alertness," it added.
KrebsOnSecurity had cited sources to state that Wipro was "dealing with a multi-month intrusion from an assumed state-sponsored attacker" and that Wipro's systems were seen being used as jumping-off points for digital phishing expeditions targeting at least a dozen Wipro customer systems.
10:57 PM IST