Wipro hacked, internal systems used to attack customers: report

[This story has been updated to include comment previously sought from Wipro]

Wipro is currently investigating what appears to be a serious breach of its networks and systems, which are apparently being used to launch attacks on customers, forcing the outsourcing giant to build a private email service to replace compromised corporate system.

First reported by United States security expert and publisher Brian Krebs, who cited two trusted but anynomous sources, the attack on Wipro is being viewed as a state-sponsored excercise.

The sources told Krebs that Wipro systems are being used as launchpads for attacks on the outsourcer's customers.

Wipro customers under attack traced suspicious traffic back to partner systems communicating directly with the outsourcer's corporate network.

At least eleven companies have been attacked, forensic evidence shows, but it is not known which ones.

A company spokesperson told Krebs that Wipro has robust internal processes and a system of advanced security technology in place to detect and protect against phishing attempts and monitors its entire infrastructure to deal with cyber threats.

Wipro issues statement

On Tuesday afternoon a Wipro spokesperson provided the following statement to iTnews:

“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign.

"Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact," the Wipro statement said.

"We are leveraging our industry-leading cyber security practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture.

"We have also retained a well-respected, independent forensic firm to assist us in the investigation. We continue to monitor our enterprise and infrastructure at a heightened level of alertness.”

Extensive Australian operations

The Indian outsourcer has an extensive business in Australia, and says it has over 2000 local employees and offices in Sydney, Melbourne, Taylors Beach, Canberra, Perth and Brisbane.

It also sponsors the Wipro-Swinburne Innovation Centre at the Swinburne University.

Wipro has won several large outsourcing contracts lately, including the New South Wales Roads and Maritime Services, energy giant Woodside, supermarket chain Woolworths, and Canadian oil and gas company ATCO's Perth operation.

Worldwide, Wipro has some 170,000 staff with over A$10 billion revenue earnt from providing IT services to government departments, banking, telecommunications, energy and many other sectors.

iTnews has contacted Wipro and the Australian Cyber Security Centre for comment.

Last year, the ACSC set up a security posture improvement program for managed service providers, following the global Cloudhopper hacking campaign, that was attributed to Chinese state actors.

Cloudhopper is an Advanced Persistent Threat (APT) hacking group that is believed to have succesfully compromised 12 large technology companies, including IBM and HP.