One of the largest IT firms in India Wipro has confirmed reports about advanced phishing campaign against its employees.
Wipro was expected to announce its fourth-quarter earnings report on Tuesday confirmed that few of IT employees accounts were affected in the advanced phishing campaign.
The company said they took remedial actions to contain and mitigate any potential impacts as soon as the incident was discovered.
The company also hired an independent forensic firm to investigate the incident
The breach was first reported by Brian Krebs of KrebsOnSecurity saying that IT systems of the Wipro were hacked and are being used to launch attacks against some of its clients.
According to KrebsOnSecurity two trusted sources, the company was dealing with a multi-month intrusion from a state-sponsored attacker.
“Both sources, who spoke on condition of anonymity, said Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems.” said in the blog post published by KrebsOnSecurity
Security experts said that Wipro systems were found used for running an advanced phishing campaign targeting dozen of its customers.
“Wipro’s customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro’s network.”
KrebsOnSecurity reported the incident to Wipro on April 9, and the company replied on April 12 through a statement not mentioning anything about the breach incident.
You may be interested in reading:Researchers Discovered New Victim of Powerful Triton Malware