Microsoft confirmed that early June disruptions in service of some of its services were Distributed Denial of Service (DDoS) attacks
. The malicious actor, dubbed Storm-1359 by Microsoft, impacted the availability of Outlook, Microsoft Teams, SharePoint Online, OneDrive for Business, and Azure for as many as 18,000 users.
The tech giant first noticed an unusual surge in traffic on June 5, with the attacks continuing to affect more of its services throughout the week. Upon closer inspection, Microsoft confirmed the service outage was due to Layer 7 DDoS attacks, specifically HTTP(S) flood attacks, cache bypass, and slowloris. According to the company, the motives of the threat actor were “disruption and publicity.”
A hacktivist group that goes by the name Anonymous Sudan claimed responsibility on its Telegram channel immediately after the attacks, sharing it disrupted Microsoft’s services with junk traffic over a series of DDoS attacks
Most cybersecurity experts hypothesize the group is most likely not from Sudan. They suspect Microsoft knows the true identities behind the Storm-1359 nickname, and some security researchers believe there are possible connections to Kremlin-affiliated pro-Russian groups like Killnet, which are known for spreading pro-Russian propaganda and misinformation.
Microsoft hasn’t disclosed the attack’s magnitude but some cybersecurity experts believe it’s one of the biggest DDoS attacks on Microsoft’s services to date. Jake Williams, a former National Security Agency officer from the hacking unit, told the Associated Press (AP) that he believes this to be the hardest hit on Outlook yet
“We know some resources were inaccessible for some, but not others. This often happens with DDoS attacks of globally distributed systems,” he explained, adding that Microsoft’s reluctance to unveil the scale of the impact “probably speaks to the magnitude.”
According to Microsoft, customer data was not compromised during the attacks. The corporation also provided recommendations on how users can protect themselves from layer 7 DDoS attacks
in the future.
In April, Microsoft launched Security Copilot
, a new GPT-4-based cybersecurity tool designed to help cybersecurity professionals identify and fight against security issues “at the speed and scale of AI.” It’s unclear whether this security analysis tool helped in addressing the latest Microsoft attacks.