Wipro Says Breach ‘Did Not Impact’ Business

The company also said it did not become aware of the attack until the same day that cybersecurity site KrebsOnSecurity said he reached out to the company.

The high-profile cyber attack on Wipro that reportedly involved at least a dozen of its clients “did not impact the company’s ongoing critical business operations,” according to a letter the Indian IT firm sent to managers of the stock exchanges where it’s traded.

Wipro also said that it learned of the attack “about 10 days ago” or the the same day that KrebsOnSecurity said it first reached out to the company, according to an April 19 letter sent to managers at the New York Stock Exchange, Bombay Stock Exchange and National Stock Exchange of India,

KrebsOnSecurity broke the story on April 15 that Wipro’s network along with a dozen of its customers had been hit, and it was in the process of building out a new email system as part of the response.

Bengaluru, India-based Wipro said in the letter that upon learning of the attack it began investigating, identified and isolated employee accounts that were hit, took remedial steps to contain the threat, and “mitigate any potential effects of the incident.”

“The Company has used its industry leading Cyber Security practices and partner ecosystem for remedial steps and has shared this intelligence with its partners to develop the AntiVirus signatures. The same has been applied to our enterprise systems,” Wipro said in its letter, published Monday in a filing with the SEC. “We are collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing our security posture. We continue to monitor our enterprise infrastructure at heightened level of alertness. We would like to clarify that the incident did not impact the Company’s ongoing critical business operations.”

The attack has been described by Wipro executives as an “advanced phishing campaign” against “a few” of its employees.

KrebsOnSecurity said one attack happened on March 11, while another campaign ran from March 16 to March 19, meaning that according to the company’s timeline it was not aware that its systems had been attacked for 29 days, according to their letter.

As news of the attack spread last week, the number of victims also appeared to blossom to include other IT mainstays such as Avenade, and Capgemini, which both confirmed to CRN that they had been targeted, but had successfully fended off the attack.

An Avanade spokesperson confirmed that the Seattle-based solution provider was also a target of the multi-company security incident, with 34 of the company's employees being impacted in February. The $2 billion company employs 30,000 professionals, and was No. 28 on the 2017 CRN Solution Provider 500.

However, the spokesperson said there was no impact to Avanade's client portfolio or sensitive customer data since the company was able to swiftly contain and remediate the situation by leveraging its cyber incident response efforts and technologies. And a review by the Microsoft-Accenture joint venture concluded that the February breach was an isolated incident, the spokesperson said.

Similarly, Capgemini said its internal Security Operations Center (SOC) detected suspicious activity on a "very limited number" of laptops and servers between March 4 and March 19, however the attack was stopped with immediate remedial action, and had no impact on business, the company said.