Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers
1 min read
Feb 26, 2021
Microsoft is open-sourcing the CodeQL queries that it used to investigate the impact of Sunburst or Solarigate malware planted in the SolarWinds Orion software updates, enabling other organizations to use the queries to perform a similar analysis. Mike Hanley, CSO of GitHub, says CodeQL provides, "key guardrails that help developers avoid incidents and shipping vulnerabilities".
Microsoft released the queries as part of its response to the attack on SolarWinds Orion network monitoring software, which was used to selectively compromise nine US federal agencies and 100 private sector firms, many of which were from the tech sector.
Suspected Russian government-backed hackers compromised SolarWinds' build system in early 2020 to pull off the supply chain attack discovered by Microsoft and FireEye — a feat that Microsoft estimated took at least 1,000 engineers.
