Earlier in June 2023, Microsoft’s flagship office suite, including popular applications like Outlook and OneDrive, as well as its Azure cloud computing platform, experienced intermittent disruptions due to DDoS attacks.
In a recent incident, Microsoft faced a series of disruptive service outages during the early days of June. The company’s flagship office suite, including popular applications like Outlook and OneDrive, as well as its Azure cloud computing platform, experienced intermittent disruptions.
A group of hacktivists operating under the name “Anonymous Sudan” claimed responsibility for the disruptions, which it carried out through distributed denial-of-service (DDoS) attacks that overwhelm sites with junk traffic.
Initially, Microsoft remained tight-lipped about the cause of the disruptions. However, the company has now come forward and disclosed that the DDoS attacks orchestrated by the enigmatic group were indeed responsible.
It is worth noting that in February 2023, Anonymous Sudan also took responsibility for DDoS attacks on SAS Airlines and several Scandinavian media outlets.
Nevertheless, Microsoft has been reluctant to divulge specific details about the scale of the impact or the number of affected customers, nor did it confirm whether the disruptions were global in nature.
A spokesperson for the company acknowledged that Anonymous Sudan was behind the attacks, confirming their claim made on the Telegram social media channel. Some experts in the cybersecurity field suspect the group to have ties to Russia.
In a blog post issued on a Friday evening, Microsoft finally provided an explanation following a request from The Associated Press two days prior. However, the post lacked in-depth information, merely stating that the attacks had “temporarily impacted availability” of certain services.
According to Microsoft, the attackers primarily sought to cause disruption and generate publicity. It is believed that they employed rented cloud infrastructure and virtual private networks (VPNs) to launch their assault on Microsoft servers, utilizing botnets composed of compromised computers from various locations worldwide.
Microsoft has assured its customers that there is no evidence to suggest any unauthorized access or compromise of customer data during the attacks.
While DDoS attacks are typically regarded as nuisances that render websites temporarily inaccessible without infiltrating them, experts in the field caution that successful disruptions of a software service giant like Microsoft can have far-reaching consequences, impacting the work of millions and causing disruptions in global commerce. However, it remains unclear whether the attacks achieved such levels of disruption in this instance.
For the time being, Microsoft has assigned the attackers the name Storm-1359, a temporary designation used when the company has yet to determine the affiliation of a particular group. Conducting thorough cybersecurity investigations often requires time and presents challenges, especially when dealing with skilled adversaries.
Notably, pro-Russian hacking groups, including Killnet, which cybersecurity firm Mandiant believes to have links to the Kremlin, have been launching DDoS attacks on government and allied websites in Ukraine. The same group also claimed to have leaked the personal details of FBI agents back in December 2022.
In October, several U.S. airport sites also fell victim to similar attacks. Analyst Alexander Leslie from cybersecurity firm Recorded Future expressed doubts regarding the claim made by Anonymous Sudan, suggesting that the group is unlikely to be based in Sudan, as it proclaims. According to Leslie, the group collaborates closely with Killnet and other pro-Kremlin organizations to propagate pro-Russian propaganda and disinformation.