During your code reviews (you DO have code reviews?), here's a useful set of tools for checking your own codebase for Solorigate-style implants:
Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. […]
To make sure the attackers had not modified Microsoft's own code, Microsoft wrote CodeQL queries and used them to scan its codebase for malicious implants matching the Solorigate code-level IoCs.
Today, Microsoft has released their SolarWinds CodeQL queries so that users can scan their source code for potential malicious implants.
“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.”
“We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis,” announced Microsoft in a new blog post.
Using these queries, developers can check their software for malicious modifications similar to those used in the SolarWinds supply-chain attack. Note what they match: the specific code-level IoCs and coding patterns of the Solorigate implant. A clean scan rules those patterns out of your source; it does not prove the absence of an implant written differently.
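A practical way to run such a scan at scale is to build a CodeQL database from the build tree, run the query directory against it, and fail the pipeline on any hit. The script below is an added example for this post, not Microsoft's or GitHub's own tooling: it assumes the CodeQL CLI is on PATH and that the queries have been checked out into `QUERY_DIR` (an assumed path, not the queries' real location). The embedded SARIF document is constructed to stand in for real `codeql database analyze` output, and its rule ids are placeholders.

```python
"""Scan a source tree with a directory of CodeQL queries and triage the SARIF output.

Added example, not Microsoft's or GitHub's tooling. Assumes the CodeQL CLI is on
PATH and that the queries live under QUERY_DIR (an assumed path).
"""
import json
import subprocess
import sys
from collections import defaultdict
from pathlib import Path

QUERY_DIR = Path("./solorigate-queries")  # assumed: wherever you cloned the .ql files
DB_DIR = Path("./codeql-db")


def build_database(source_root, language="csharp"):
    """Create a CodeQL database. For compiled languages CodeQL traces the build,
    so the database reflects the code that was actually compiled, not only the
    files sitting in the repository."""
    subprocess.run(
        ["codeql", "database", "create", str(DB_DIR), f"--language={language}",
         f"--source-root={source_root}", "--overwrite"],
        check=True,
    )


def run_queries(sarif_out):
    """Run every query under QUERY_DIR against the database and write SARIF."""
    subprocess.run(
        ["codeql", "database", "analyze", str(DB_DIR), str(QUERY_DIR),
         "--format=sarif-latest", f"--output={sarif_out}"],
        check=True,
    )


def summarize_sarif(sarif_text):
    """Group SARIF 2.1.0 results by rule id -> [(file, line, message), ...].
    A result with no location still counts as a hit (file and line are None)."""
    doc = json.loads(sarif_text)
    hits = defaultdict(list)
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            rule = result.get("ruleId", "<no-rule>")
            msg = result.get("message", {}).get("text", "")
            for loc in result.get("locations") or [{}]:
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                hits[rule].append((uri, line, msg))
    return dict(hits)


def has_findings(summary):
    return any(summary.values())


# Constructed SARIF standing in for real `codeql database analyze` output.
# Rule ids and paths are placeholders, not the ids of Microsoft's queries.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL"}},
        "results": [
            {"ruleId": "demo/pattern-a",
             "message": {"text": "code pattern matching the Solorigate implant"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/App/Scheduler.cs"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "demo/pattern-a",
             "message": {"text": "code pattern matching the Solorigate implant"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/App/Scheduler.cs"},
                 "region": {"startLine": 97}}}]},
            {"ruleId": "demo/pattern-b",
             "message": {"text": "string literal matching a Solorigate IoC"},
             "locations": []},
        ],
    }],
})


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <source-root>", file=sys.stderr)
        return 2
    sarif_out = Path("results.sarif")
    build_database(Path(argv[1]))
    run_queries(sarif_out)
    summary = summarize_sarif(sarif_out.read_text())
    for rule, locs in sorted(summary.items()):
        print(f"{rule}: {len(locs)} hit(s)")
        for uri, line, msg in locs:
            print(f"  {uri}:{line}  {msg}")
    # Non-zero exit so a CI job fails on any hit. A clean run means only that
    # these specific patterns are absent, not that no other implant exists.
    return 1 if has_findings(summary) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python scan.py path/to/source-root` from a machine that can build the project, since the C# extractor needs to observe the real build. Every hit needs a human look: the queries flag coding patterns, so a match in your own code is a starting point for review, not a verdict.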