Analysis & Insights

SolarWinds Breach: What you need to know and do

Ensign's plans and procedures in response to the recent breach involving SolarWinds.

The Situation

A widespread campaign by a nation-state actor involving SolarWinds was uncovered by FireEye recently. The campaign used a trojanised version of SolarWinds Orion updates, which was digitally signed between March and May 2020, and uploaded to the SolarWinds’ update website. At least two top vendors were breached, and this incident has serious implications to the cybersecurity industry, its supplier chains and organisations using the affected products.

Our Commitment

The situation is fast evolving as details of the breach are being announced and more affected parties are made known. Ensign will continue to keep a close watch and provide relevant insights and recommendations to the community. Throughout this year-end festive period, Ensign continues to be available to clients who require assistance on any cyber-related matters.

Our Actions

Ensuring our customers are secured - Security of our clients is key
  • We have updated our detection capabilities based on the latest IOCs published, and we have compressed our SOC process to review and update such detection rules to keep pace with the rollout of such information.
  • We have informed customers who are known to be affected by the incident, and we will stand ready to provide any assistance required.
Securing Ensign
  • We have conducted internal threat hunt and reviewed our defences to ensure that we have eradicated known vulnerabilities in our environment.
  • We have coordinated with our regional offices to step up on efforts in terms of threat detection and client support.
Enhanced Monitoring
  • We are stepping up our SOC operations to keep tabs of the evolving situation and handle any response actions required.
  • Deep analysis is ongoing to uncover attack trends, patterns and TTPs (tactics-techniques-procedures) - these insights will be shared when ready.

Our Recommendations

As investigations are underway, we are expecting additional malware and TTPs to be uncovered. We will continue to provide updates on the incident, and inform you about additional rules and IOCs.

If you suspect that you could have been affected by the incident, you can contact us at, or call us for digital forensic and incident response services.