Attackers breached Wipro employee accounts and IT systems to launch attacks against its clients

A recent report from Wipro, an Indian IT firm had stated that an advanced phishing campaign has probably compromised their employee accounts.

If the said attack was real, it could mean that those hacked employee accounts and IT systems could be used by the attackers to launch attacks against some of the company’s clients.

According to anonymous sources, the compromised systems were used to target at least a dozen Wipro customer systems. Wipro is yet to confirm this claim, though.

“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” Wipro told Reuters.

After the breach came into limelight, Wipro hired an independent forensic firm to assist in the investigation.On further inquiry, the forensic firm found out that at least 11 other companies were attacked, as evidenced from file folders found on the attackers’ back-end infrastructure that were named after various Wipro clients.

“The other source said Wipro is now in the process of building out a new private email network because the intruders were thought to have compromised Wipro’s corporate email system for some time,” KrebsOnSecurity said in a blog.