(CTN News) – Outlook email and OneDrive file-sharing apps, as well as Microsoft’s cloud computing platform, were plagued by sporadic but serious service disruptions in early June. According to a hacktivist group, the sites were flooded with junk traffic in distributed denial-of-service (DDoS) attacks.
The murky upstart was indeed responsible for the DDoS attacks, Microsoft has revealed.
However, the software giant did not immediately comment on how many customers were affected or whether the impact was global.
Anonymous Sudan, the group behind the attacks, confirmed the claim. It claimed responsibility on its Telegram social media channel at the time. Security researchers believe the group is Russian.
The Associated Press had requested an explanation from Microsoft two days earlier. Microsoft’s post said the attacks “temporarily affected” some services’ availability. According to the post, the attackers were targeting “disruption and publicity,” likely using rented cloud infrastructure and virtual private networks to bombard servers from so-called zombie botnets.
Customer data was not compromised or accessed, according to Microsoft.
While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt millions of lives if they succeed in interrupting the services of a software giant like Microsoft on which so much global commerce depends.
Whether that’s what happened here is unclear.
“Unless [Microsoft] provides the data, we can’t measure the impact,” Jake Williams, a prominent cybersecurity researcher and former National Security Agency offensive hacker, said. In his view, Outlook has never been attacked on this scale before.
“It is known that some resources were inaccessible for some users, but not for others. Often, this happens with DDoS attacks on globally distributed systems,” Williams said. Microsoft’s apparent reluctance to provide an objective measure of customer impact “probably speaks to its magnitude,” he said.
Microsoft referred to the attackers as Storm-1359, a designation it assigns to groups whose affiliation it has not yet established. When faced with a skilled adversary, cybersecurity sleuthing can take a long time.
Killnet, a Kremlin-connected hacking group, has been bombarding government and other sites of Ukraine’s allies with DDoS attacks.
A number of U.S. airports were attacked in October. It is unlikely that Anonymous Sudan is located in Sudan, an African country, as it claims. Among the groups spreading pro-Russian propaganda and disinformation are Killnet and other pro-Kremlin groups.
TAG Cyber CEO Edward Amoroso said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all agree to ignore.” This is an issue that has not been solved.
The best defense against such attacks is to distribute a service massively, such as through a content distribution network.
Attackers used techniques that were not old, according to Kevin Beaumont, an information security researcher. According to him, one of them dates back to 2009.
Reports of Microsoft 365 office suite interruptions on the tracker Downdetector peaked at 18,000 shortly after 11 a.m. EDT on Monday, June 5.
That day, Microsoft said Outlook, Teams, SharePoint Online, and OneDrive for Business were affected.
As attacks continued through the week, Microsoft confirmed on June 9 that its Azure cloud computing platform had been compromised.
According to BleepingComputer.com, OneDrive’s cloud-based file-hosting service was unavailable worldwide for several hours on June 8.
Bleeping Computer reported at the time that desktop OneDrive clients were not affected.