Microsoft has open sourced the CodeQL queries that it used to identify malicious code implants from the Solorigate attack. CodeQL is an analysis engine used for code inspection, among other things.
Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The cyberattack had caused major concern around the globe because it targeted the United States’ federal departments, the UK, the European Parliament, and thousands of other organizations. Supply chain attacks were executed on SolarWinds, Microsoft, and VMware, with Microsoft President Brad Smith calling it «a moment of reckoning». Now, Microsoft has open sourced the CodeQL queries that it utilized in the Solorigate investigation.
