Microsoft has announced the availability of the open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds supply-chain attack. The US agencies FBI, CISA, ODNI, and NSA released a joint statement that blames Russia for the attack. Microsoft is open-sourcing several of the C# queries that can be used to check source code for code-level IoCs; it also provided detailed information on each query and the IoCs analyzed. Microsoft pointed out that these queries should be considered just one part of the arsenal of tools to use in an investigation.
Source: https://securityaffairs.co/wordpress/115056/hacking/microsoft-codeql-queries-solarwinds.html