Article: Microsoft open sources CodeQL queries used to hunt for Solorigate activity

Code, Free, Open Software

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, such as credential theft, privilege escalation, and lateral movement, to steal sensitive information.

The incident has reminded organizations to reflect not just on their readiness to respond to sophisticated attacks, but also the resilience of their own codebases.

Read Full Article