Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Microsoft Questioned by German Lawmakers About Russian Hack

Company Officials Reportedly Said Hackers Just Obtained Read-Only Access to Code
Microsoft Questioned by German Lawmakers About Russian Hack
A Microsoft office in Cologne, Germany, in June 2022

Russian nation-state hackers who compromised Microsoft's source code repository gained read-only access but not the ability to change code, top company officials reportedly told a German parliamentary committee on Wednesday.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The German Parliament's technology oversight committee held a closed-door meeting with Microsoft senior executives following the computing giant's March disclosure that Russian foreign intelligence hackers obtained access to source code repositories and internal systems (see: Russian State Hackers Penetrated Microsoft Code Repositories).

Microsoft tracks the hacker group as Midnight Blizzard; it's also known as APT29 or Cozy Bear. The Biden administration identified it as part of the Russian Foreign Intelligence Service in 2021 when it fingered the group for inserting a backdoor into IT infrastructure software developed by SolarWinds.

Microsoft officials told German lawmakers the hackers only obtained read access to the source code, meaning they couldn't tamper with the code, reported German newspaper Tagesspiegel. The company didn't provide an explanation of how the attack occurred, the paper also reported.

Microsoft officials at the hearing included Ralf Wigand, Microsoft's German national security and IT compliance officer, and two representatives from the company's legal department. Tom Burt, vice president for customer security and trust, testified virtually from Washington.

Scrutiny from German lawmakers comes amid mounting criticism of Microsoft over high-profile security failures. The U.S. Cybersecurity and Infrastructure Security Agency earlier this month invoked emergency powers to direct federal agencies to reset credentials and review account logs for potentially malicious activity in Microsoft environments (see: CISA Warns Russian Microsoft Hackers Targeted Federal Emails).

A review board empaneled by the U.S. Department of Homeland Security this month slammed the company for fostering an inadequate security culture that led to a separate, Chinese-led espionage campaign beginning in 2023 (see: Report Slams Microsoft for Security Blunders in Chinese Hack).

Wednesday's parliamentary hearing was an opportunity for the German lawmakers to understand the scale of the hack and determine whether the hackers may have accessed critical information that could pose a threat to the German government, said Sven Herpig, director of cybersecurity policy and resilience at the German think tank New Responsibility Foundation.

"The German government heavily depends on Microsoft products and may fear about the confidential information, vulnerabilities or other things that may been accessed or are still being accessed by the Russians. The ongoing war in Europe and impending election may have also contributed to the parliamentary interest," said Herpig, who previously worked for the German federal government.

Microsoft did not immediately respond to requests seeking clarification. Tagesspiegel reported the company has agreed to establish regular communications with the committee and the Federal Office for Information Security - better known as BSI.

The German BSI and the federal Interior Ministry also did not respond to requests for comment.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.