August 24, 2019

August 23, 2019

Subscribe to Latest Legal News and Analysis

August 22, 2019

Subscribe to Latest Legal News and Analysis

August 21, 2019

Subscribe to Latest Legal News and Analysis

WIPRO Hacked

I have been alerting clients that I know use Wipro, but may have missed some of you.It is being reported that IT outsourcing company Wipro Ltd. has been hacked through several phishing campaigns from what is believed to be a state-sponsored attacker.

According to recent reports, including KrebsonSecurity, sources have stated that “Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems.” Apparently, at least 11 of Wipro’s customers have traced malicious and suspicious activity to systems that were communicating with Wipro’s network. It is disputed whether the attack lasted weeks or months.

According to Wipro, it was hit with a zero-day attack. Wipro has sent its affected clients a set of indicators of compromise, which includes clues about tactics, tools and procedures that attackers use that may assist them in determining whether they were compromised during the hop from Wipro’s system to a client’s system. A helpful Wipro client shared the indicators with Wipro and Wipro then sent it to its other clients.

It is also being reported that the successful attack against Wipro was caused by a successful phishing email to one of Wipro’s employees, which was followed by several more successful phishing campaigns against other employees.

There is some concern that Wipro’s systems may still be compromised, so Wipro clients should be aware of this possibility, how it can be used to compromise their system, and prepare for it.

KrebsonSecurity has published the indicators of compromise provided by Wipro clients, which can be accessed here.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...