In early June, Microsoft faced significant service disruptions affecting its flagship office suite. Including Outlook email and OneDrive file-sharing apps, as well as its cloud computing platform.
The disruptions were caused by distributed denial-of-service (DDoS) attacks, according to Microsoft. A hacktivist group called Anonymous Sudan claimed responsibility for the attacks. Stating that it flooded the sites with junk traffic.
Anonymous Sudan Takes Credit
Microsoft confirmed that Anonymous Sudan was behind the attacks. Although some security researchers suspect the group to have Russian affiliations.Initially hesitant to disclose the cause.Microsoft recently provided an explanation in a blog post.
However, the post lacked specific details about the impact and the number of affected customers. Microsoft did not comment on whether the disruption was global.
The company did confirm that no customer data was accessed or compromised. The attacks temporarily affected the availability of some services and were primarily focused on disruption and gaining publicity.
It is believed that the attackers utilized rented cloud infrastructure and virtual private networks, employing botnets consisting of compromised computers from different parts of the world.
While DDoS attacks typically pose a nuisance by rendering websites inaccessible. They can significantly disrupt the operations of a software service giant like Microsoft, which plays a crucial role in global commerce.
However, without Microsoft providing further information, it is challenging to measure the extent of the impact. Cybersecurity researcher Jake Williams highlighted that while some resources were inaccessible for some users. Others remained unaffected.
Williams stated that this variation is common in DDoS attacks on globally distributed systems. Microsoft’s reluctance to provide an objective measure of customer impact likely indicates the scale of the disruption.
Microsoft has labeled the attackers as Storm-1359. A designation used when the affiliation of the group is yet to be established.
Determining the identity of the attackers can be a time-consuming process. Especially when dealing with skilled adversaries.
Pro-Russian Connection
Several pro-Russian hacking groups, including Killnet, have been engaging in DDoS attacks on government and allied websites of Ukraine. While Anonymous Sudan claims to be located in Sudan. Cybersecurity firm Recorded Future believes the group is closely associated with Killnet and other pro-Kremlin groups. Working together to spread pro-Russian propaganda and disinformation.
In conclusion, Microsoft has disclosed that the DDoS attacks on its office suite were carried out by Anonymous Sudan. However, the full impact of the attacks and the number of affected customers remain undisclosed, leaving the extent of the disruption unclear.