BOSTON (AP) — In early June, sporadic but severe service outages affected Microsoft’s flagship office suite — including file-sharing email apps Outlook and OneDrive — and cloud computing platform. An obscure group of hacktivists claimed responsibility, saying it flooded sites with spam traffic in distributed denial-of-service attacks.
Initially reticent to name the cause, Microsoft has now revealed that the shady upstart’s DDoS attacks were to blame.
But the software giant offered few details and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group calling itself Anonymous Sudan was behind the attacks. She claimed responsibility on her Telegram social media channel at the time. Some security researchers he thinks the group is Russian.
Microsoft’s explanation in a blog post friday night followed a request from The Associated Press two days earlier. Sparse on details, the post says the attacks “temporarily affected the availability” of some services. He said the attackers focused on “disruption and advertising” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called zombie computer botnets around the world.
Microsoft said there was no evidence that customer data was accessed or compromised.
While DDoS attacks are primarily a nuisance, rendering websites inaccessible without penetrating them, security experts say they can disrupt the work of millions if they successfully disrupt the services of a software services giant like Microsoft of the which depends so much on global trade.
It is not clear if that is what happened here.
“We really have no way of measuring the impact if Microsoft doesn’t provide that information,” said Jake Williams, a leading cybersecurity researcher and former offensive hacker for the National Security Agency. Williams said he was not aware that Outlook had previously been attacked on this scale.
“We know that some resources were inaccessible to some, but not to others. This often happens with DDoS of globally distributed systems,” added Williams. He said Microsoft’s apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”
Microsoft dubbed the attackers Storm-1359, using a designator that assigns to groups whose affiliation you have not yet established. Cybersecurity research tends to take time, and even then it can be challenging if the adversary is skilled.
Pro-Russian hacking groups, including Killnet, which cybersecurity firm Mandiant says is affiliated with the Kremlin, have been bombarding the government and other websites of Ukraine’s allies with DDoS attacks. In October, some US airport sites were attacked. Analyst Alexander Leslie of cybersecurity firm Recorded Future said Anonymous Sudan is unlikely to be located as it claims in Sudan, an African country. The group works closely with Killnet and other pro-Kremlin groups to spread pro-Russian propaganda and disinformation, he said.
Edward Amoroso, a New York University professor and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all agree to avoid talking about. It is not controversial to call this an unresolved problem.”
He said Microsoft’s difficulties defending against this particular attack suggests “a single point of failure.” The best defense against these attacks is to distribute a service in a massive way, in a content distribution network for example.
In fact, the techniques the attackers used are not ancient, said UK security researcher Kevin Beaumont. “One goes back to 2009,” he said.
severe impacts Microsoft 365 office suite outages were reported on Monday, June 5, with a peak of 18,000 reports of outages and issues on the Downdetector tracker shortly after 11 am ET.
On Twitter that day, microsoft said Outlook, Microsoft Teams, SharePoint Online, and OneDrive for Business were affected.
The attacks continued through the week, and Microsoft confirmed on June 9 that its Azure cloud computing platform had been affected.
On June 8, the computer security news site BleepingComputer.com reported that cloud-based OneDrive file hosting was down globally for a while.
Microsoft said at the time that desktop OneDrive clients were not affected, BleepingComputer reported.
Discover more from PressNewsAgency
Subscribe to get the latest posts sent to your email.