Content, Breach, Channel partners, Content

Wipro Hackers May Date Back to 2015

Wipro's data breach, reported last month, was the result of threat actors dating back to 2017 and possibly 2015, according to business risk intelligence provider Flashpoint.

The Wipro threat actors used at least six malicious domains and IP addresses, hashes and file names hosting templates consistent with credential phishing attempts, Flashpoint stated. They also tried to obtain victims' Windows usernames and passwords to access encrypted email and exploited various legitimate security applications.

A Closer Look at the Wipro Data Breach

The Wipro data breach occurred between March 16 and March 19 and affected more than 20 Wipro employees, security researcher Krebs on Security indicated. Threat actors also gained access to more than 100 Wipro computer systems.

Cybercriminals used the ScreenConnect (now ConnectWise Control) remote desktop software application to link remotely to Wipro client systems, Krebs on Security noted. They then were able to access the company's customer networks.

Krebs on Security released details about the Wipro data breach on April 15. Meanwhile, Wipro told Reuters it "detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign," but has no released no other details about the incident.

Wipro is India's third-largest IT outsourcing company. It reported gross revenue of $8.5 billion for the fiscal year ending March 31, which represented a 7.5 percent year-over-year increase.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.