Microsoft says ‘Anonymous Sudan’ launched massive DDoS attacks on Outlook, OneDrive, and other Microsoft 365 services, bringing them to their knees.
Microsoft has confirmed that the service outages for Outlook, OneDrive, and other Microsoft 365 services on June 5 were caused by a malicious attack. Hackers flooded Microsoft’s servers with denial-of-service (DDoS) attacks and brought them to their overload limit. The traffic sent to the servers increased so massively due to the DDOS attacks that they could no longer process the requests, bringing Microsoft’s services to their knees.
This meant Microsoft customers could no longer retrieve or write new emails in Outlook. Communication via Teams was also disrupted and calendars no longer synchronized. The OneDrive web portal went down and various Azure services were no longer available.
Microsoft writes:
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.
These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.”
Customer data should be safe
The most important statement comes in the next sentence of Microsoft’s disclosure: “We have seen no evidence that customer data has been accessed or compromised.”
The hackers used a so-called “Layer 7 DDoS” attack. In a DDoS attack on layer 7, attackers act on the application level and send such a large number of requests to the targeted online services that they can no longer process the requests and come to a standstill. The hackers used three different types of Layer 7 DDoS attacks to batter Microsoft services.
Alleged Sudanese hacker group
As mentioned above, Microsoft identified the hacker group Storm-1359 as the originator of the attacks. This group also refers to itself as “Anonymous Sudan.” The group had declared that it would carry out attacks against any country that opposed Sudan. This hacker group has been known since January 2023, Bleeping Computer writes. Anonymous Sudan has already attacked various organizations and government institutions around the globe, forcing them offline or even stealing data.
Sudan is currently in the throes of a bloody civil war. There are also suspicions that Russia could have strong ties to Anonymous Sudan, however.