The Wipro threat actors used at least six malicious domains and IP addresses, hashes and file names hosting templates consistent with credential phishing attempts, Flashpoint stated. They also tried to obtain victims' Windows usernames and passwords to access encrypted email and exploited various legitimate security applications.
A Closer Look at the Wipro Data Breach
The Wipro data breach occurred between March 16 and March 19 and affected more than 20 Wipro employees, security researcher Krebs on Security indicated. Threat actors also gained access to more than 100 Wipro computer systems.
Cybercriminals used the ScreenConnect (now ConnectWise Control) remote desktop software application to link remotely to Wipro client systems, Krebs on Security noted. They then were able to access the company's customer networks.
Krebs on Security released details about the Wipro data breach on April 15. Meanwhile, Wipro told Reuters it "detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign," but has released no other details about the incident.
Wipro is India's third-largest IT outsourcing company. It reported gross revenue of $8.5 billion for the fiscal year ending March 31, which represented a 7.5 percent year-over-year increase.