Some of the employee accounts of Wipro—one of India’s top IT services firms—may have been hacked due to an advanced phishing campaign, reported Reuters, quoting the company. The company had launched an investigation to contain any potential impact, the report added.
The report was based on Wipro’s response to a Reuters query regarding the breach after cyber security blog KrebsOnSecurity said Wipro’s systems had been breached and were being used to launch attacks against some of its clients.
“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” Wipro said in an emailed statement to Reuters.
KrebsOnSecurity, citing anonymous sources, had said that Wipro’s systems were being used to target at least a dozen customer systems.
“It appears at least 11 other companies were attacked, as evidenced from file folders found on the intruders’ back-end infrastructure that were named after various Wipro clients,” KrebsOnSecurity said, quoting “a source familiar with the forensic investigation at a Wipro customer.”
“The company also said it had retained an independent forensic firm to assist in the investigation. Wipro did not say which clients, if any, had been compromised,” said Reuters.