Closed intelligence, meaning I cannot say from where, indicates the use of a number of open source tools in the attack by what appears to be a nation-state actor (of your choice). Also expect to see any number of related organizations working with Wipro or similar to have been affected.
Really, we don't publicly know much, as Wipro is being very tight-lipped about the incident. From the outside, it appears from the list of detected tools thus far that the victims were really caught not paying much attention, or the tools involved were used in some very novel ways.
Sorry for being so cryptic, but I am using private sources. I expect this story to have some real long legs. When we determine the final target industry we will have a much better idea as to who is behind these attacks. Plural if not numerous attacks.
Wipro confirmed that they were investigating some "Abnormal activity in a few employee accounts on our network...."
There are also reports that they are bringing in an independent forensic firm to help them investigate.
The communications around the whole situation are ridiculously quiet while they do their investigation, which could mean it's a "nothing" issue, or a significant one that they want tidied up prior to the media flurry.
After all, they are meant to be reporting their fourth quarter earnings today, so there are more important things to worry about, right?
The Wipro website is showing zero in terms of the alleged incident. I wonder if the UK's ICO is looking at this? Or worse still, what if the GDPR police smell something....
Most of what I know from closed sources is either from work or a "private" discussion board that I wormed my way into a year and a half ago.
Not seeing much released on this outside of Wipro's new CISO, to whom I want to send the business card of a good PR person I am acquainted with - this guy needs it.