FireEye recently uncovered a widespread campaign by a nation-state actor involving SolarWinds. The campaign used a trojanised version of SolarWinds Orion updates, which was digitally signed between March and May 2020 and uploaded to the SolarWinds update website. At least two top vendors were breached, and this incident has serious implications for the cybersecurity industry, its supply chains and organisations using the affected products.
The situation is evolving fast as details of the breach are announced and more affected parties are made known. Ensign will continue to keep a close watch and provide relevant insights and recommendations to the community. Throughout this year-end festive period, Ensign remains available to clients who require assistance on any cyber-related matters.
As investigations are underway, we expect additional malware and TTPs to be uncovered. We will continue to provide updates on the incident and inform you about additional rules and IOCs.
If you suspect that you could have been affected by the incident, you can contact us at marketing@ensigninfosecurity.com, or call us for digital forensic and incident response services.