Indian IT outsourcing giant Wipro has confirmed its internal IT systems have been hacked, after it was reported that its servers are being used to launch attacks against it own customers.

The Wipro hack was first reported by KrebsOnSecurity, who said that it had been contacted by “multiple sources”, and that Wipro had refused to respond to questions about the alleged incident.

Wipro then confirmed to the India Times that it had discovered an intrusion and that it had hired an outside security firm to investigate.

Email compromise?

KrebsOnSecurity reported that it had heard independently from two trusted sources that Wipro was dealing with a multi-month intrusion from an assumed state-sponsored attacker.

Both of those sources told the security website that Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems.

KrebsOnSecurity had reported that Wipro was in the process of building a ‘new private email network’ after the attackers apparently compromised Wipro’s corporate email system.

Wipro later confirmed the intrusion to India Times (ET).

“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” Wipro said in a statement. “Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”

“We are leveraging our industry-leading cyber security practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture,” added the Wipro statement.

“We have also retained a well-respected, independent forensic firm to assist us in the investigation,” the firm said. “We continue to monitor our enterprise and infrastructure at a heightened level of alertness.”

Cyber spend

One security expert has warned that some small service providers have reduced their cybersecurity spending, and this could be dangerous in the months ahead.

“Technology and security providers now dominate the list of low hanging fruits for cyber gangs,” explained Ilia Kolochenko, Founder, CEO and chief architect at web security company ImmuniWeb.

“Acting on a highly competitive and turbulent market, small service providers often have to cut their own cybersecurity costs and often disregard even the fundamentals of data protection,” said Kolochenko.

“Large and wealthy companies have such convoluted and intricate systems all over the world, that it’s virtually impossible to secure them,” he added. “Legacy and shadow systems, third-party infrastructure, cloud and outscoring exacerbate the situation and annihilate data security.”

“It is premature to make any decisive conclusions about the Wipro security incident before the company will conduct a comprehensive investigation,” he concluded.

“I’d not speculate on the rumours and wait for an official statement,” Kolochenko said. “The good news is that the incident was detected and is being remediated, while the vast majority of targeted attacks against trusted suppliers remain undetected and actually represent a time bomb.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

14 hours ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

15 hours ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

16 hours ago

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

18 hours ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

21 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

21 hours ago