
Microsoft Has Open-Sourced CodeQL Queries to Scan Code for Malicious SolarWinds Implants



Last Updated on 26/02/2021 by Drashti

Microsoft previously revealed that the SolarWinds supply chain attack had compromised its systems, enabling the attackers to gain access to a limited amount of Azure, Exchange and Intune source code.

It was disclosed in December that threat actors had breached SolarWinds in a supply chain attack and modified the legitimate SolarWinds Orion platform. The attack gave the actors remote access to the systems of customers using the SolarWinds Orion network management platform.

Microsoft has released its CodeQL queries for SolarWinds so that users can scan their source code for malicious implants and check that none of their code has been modified by attackers.

Using these queries, developers can check their software for malicious modifications similar to those used in the SolarWinds supply-chain attack.

CodeQL is a semantic code analysis tool that enables developers to query code for syntactic elements or behaviour.

Semantic code analysis does not check the syntactic correctness of the source code; it matches the “meaning” of the code instead.

Using CodeQL, developers can build a database from their codebase that captures its functionality and syntactic elements, and then query that database for a specific behaviour.

Developers can then share CodeQL queries publicly to allow other devs to scan their code for similar functionality.
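The difference between matching text and matching meaning, shown as an added example that is not taken from Microsoft's queries or from the original article. It uses Python's standard `ast` module as a stand-in for CodeQL; the sample source, the function names and the choice of `subprocess.Popen` as the API to look for are all constructed for illustration.

```python
import ast

# Constructed sample: the same API is reached three different ways,
# and once it only appears inside a string.
SAMPLE = '''
import subprocess
import subprocess as sp
from subprocess import Popen as launch

def a(cmd):
    subprocess.Popen(cmd)

def b(cmd):
    sp.Popen(cmd)

def c(cmd):
    launch(cmd)

def d():
    note = "subprocess.Popen is not called here"
    return note
'''

def build_database(source):
    """Extract facts from the code: an import alias table and all call sites."""
    aliases, calls = {}, []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for n in node.names:
                aliases[n.asname or n.name] = n.name
        elif isinstance(node, ast.ImportFrom):
            for n in node.names:
                aliases[n.asname or n.name] = f"{node.module or ''}.{n.name}"
        elif isinstance(node, ast.Call):
            calls.append(node)
    return aliases, calls

def resolve(func, aliases):
    """Turn a call target such as sp.Popen into its real dotted name."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None  # computed target, e.g. get_handler()(...)
    parts.append(aliases.get(func.id, func.id))
    return ".".join(reversed(parts))

def query_calls(source, target):
    """Semantic query: line numbers of every call that resolves to target."""
    aliases, calls = build_database(source)
    return sorted(c.lineno for c in calls if resolve(c.func, aliases) == target)

def text_search(source, target):
    """Plain text match, for comparison."""
    return [i for i, l in enumerate(source.splitlines(), 1) if target in l]
```

On the sample, the text search reports the string literal in `d` and misses the two aliased calls, while the query over the extracted facts finds all three real calls and nothing else.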

“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.”

“We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis,” announced Microsoft in a new blog post.

Drashti is a free-spirited TheDigitalHacker contributor, who loves writing stories and listening to music. She loves learning and exploring new languages and cultures, and makes sure to click a picture of the same for her Memoir.