Items tagged with solarigate

Now that Microsoft’s investigation into the Solorigate hack has concluded, it is time to pick up the pieces and plot a [secure] path forward. In doing this, Microsoft has internally utilized several tools, including CodeQL, to hunt for Solorigate activity. Microsoft, however, “believes in leading with transparency and sharing intelligence with the community for the betterment of security practices and posture across the industry as a whole,” and is subsequently sharing its tools to help other companies in hunting Solorigate. According to Microsoft’s blog post, CodeQL is “a powerful semantic code analysis engine” which works by a two-pronged approach. When code... Read more...
The Solorigate hack, which ensnared Microsoft, is finally coming to a close for the Redmond, Washington-based company. The Microsoft Security Response Center (MSRC) team wrote a blog post explaining what they had found in the now-completed investigation following the SolarWinds ordeal. It seems that while hackers stole some files, it was not a big deal for Microsoft as this only reinforced the policies the company has in place. In December of last year, cybersecurity company FireEye discovered hackers had breached SolarWinds Orion, an IT administration and management software package. The hack was found to date back to Spring of 2020, meaning any Orion customer could have been infiltrated. This... Read more...