Microsoft releases open-source CodeQL queries to hunt SolarWinds hacks


Microsoft has released open-source CodeQL queries to detect the malicious implants that were the cause of the SolarWinds attack.
The SolarWinds attack caught the IT world by surprise in December of 2020. A group of hackers managed to infiltrate the network of a company called SolarWinds and trojanize its most widely used software. The attack was significant because it led to over 250 different companies being impacted once the attackers gained access to the targeted networks.


The initial investigation into the attack led to the conclusion that it was carried out by injecting malware called Sunburst into the source code of SolarWinds' Orion software. However, further investigation identified a different cause for the attack: a malware called SuperNova.


Recently, Microsoft released open-source CodeQL queries to detect the malicious implants that were the cause of the SolarWinds attack. Microsoft has published these queries, which target C# code, on GitHub.



CodeQL is a powerful semantic code analysis engine that works in two stages. In the first stage, it compiles the source code into binaries and simultaneously builds a database that models the code being compiled (for interpreted languages, the source code is parsed and an abstract syntax tree model is built instead).
In the second ..
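To make the two-stage model concrete, here is a small illustrative CodeQL query for C#. It is an added example and not one of Microsoft's published Solorigate queries; the query name, id and message text are assumptions. It runs only against the database produced in the first stage, so it can reason about the abstract syntax tree the extractor recorded (loops, compound assignments, local variables) rather than about raw text. The shape it looks for, a loop that both XORs and multiplies the same local variable, is the generic form of a hand-rolled FNV-style string hash, which is a useful review trigger when hunting for obfuscated lookups in a code base.

```ql
/**
 * @name Loop that XORs and multiplies the same variable
 * @description Flags methods containing a loop in which one local variable is
 *              both XOR-assigned and multiply-assigned, the shape of a
 *              hand-rolled FNV-style string hash. Illustrative example query,
 *              not one of Microsoft's published Solorigate queries.
 * @kind problem
 * @problem.severity warning
 * @id example/custom-hash-loop
 */

import csharp

from Method m, LoopStmt loop, LocalVariable v, AssignXorExpr xorStep, AssignMulExpr mulStep
where
  // Both compound assignments must sit inside the same loop body ...
  loop.getEnclosingCallable() = m and
  xorStep.getEnclosingStmt().getParent+() = loop and
  mulStep.getEnclosingStmt().getParent+() = loop and
  // ... and must update the same local variable, e.g. `h ^= c; h *= prime;`
  xorStep.getLValue().(LocalVariableAccess).getTarget() = v and
  mulStep.getLValue().(LocalVariableAccess).getTarget() = v
select m,
  "Method " + m.getName() + " updates variable " + v.getName() +
    " with both XOR and multiply inside a loop; review it as a possible custom hash routine."
```

To run it, first build the database from a buildable checkout (stage one), for example `codeql database create orion-db --language=csharp --command="dotnet build"`, then evaluate the query against that database (stage two) with `codeql database analyze orion-db CustomHashLoop.ql --format=sarif-latest --output=results.sarif`; the database name and query file name here are placeholders. Because the match is structural rather than string-based, renaming variables or reformatting the code does not evade it, which is the advantage a semantic engine has over grep-style hunting.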
