In early June, Microsoft’s flagship office suite, including the Outlook email and OneDrive file-sharing apps, faced significant service disruptions.
These disruptions were caused by distributed denial-of-service (DDoS) attacks conducted by a shadowy hacktivist group known as Anonymous Sudan.
Microsoft initially refrained from providing details about the attacks but later confirmed the involvement of the Anonymous Sudan group.
However, the company did not disclose the extent of customer impact or whether the disruptions were global.
The DDoS Attacks and Microsoft’s Response
Recently, Microsoft released a blog post in response to a request from The Associated Press, revealing that the DDoS attacks had temporarily affected the availability of some services.
The attackers, aiming for disruption and publicity, utilized rented cloud infrastructure, virtual private networks, and botnets of zombie computers worldwide to bombard Microsoft servers.
Microsoft clarified that there was no evidence of customer data compromise or unauthorized access.
Uncertainty Surrounding the Impact
While DDoS attacks primarily cause inconvenience by rendering websites inaccessible, security experts emphasize that successful interruptions to the services of software giants like Microsoft can disrupt global commerce.
However, without concrete information from Microsoft regarding the scale of the impact, it is challenging to gauge the precise consequences.
Cybersecurity researcher Jake Williams, a former hacker for the National Security Agency, noted that while some resources were inaccessible, others remained unaffected.
This lack of clarity regarding the customer impact underscores the significance of the attack.
Attribution and Possible Connections
Microsoft identified the attackers as Storm-1359, following its naming convention for groups whose affiliations are yet to be determined.
Analysts suspect Anonymous Sudan may have connections to Russian hacking groups, including the Kremlin-affiliated Killnet.
Anonymous Sudan collaborates with these pro-Kremlin groups to disseminate pro-Russian propaganda and disinformation.
Cybersecurity firm Recorded Future says that Anonymous Sudan’s claims of being based in Sudan are likely false.
The attribution process can be time-consuming and challenging, particularly when faced with skilled adversaries.
The Persistence of DDoS Attacks
The DDoS attacks on Microsoft’s flagship office suite caused significant disruptions, highlighting the vulnerability of software service giants to such attacks.
Edward Amoroso, CEO of TAG Cyber and an NYU professor, emphasized that DDoS attacks remain a significant and unsolved risk.
He highlighted the need for discussion on this matter, noting that Microsoft’s difficulties in mitigating the attack indicate a single point of failure.
To combat such attacks effectively, it is crucial to distribute services extensively, such as through content distribution networks.
Duration and Impacts of the Microsoft 365 Office Suite Disruptions
The disruptions to the Microsoft 365 office suite had serious consequences, with outage and problem reports peaking at 18,000 on the Downdetector tracker.
Microsoft acknowledged the impact on several services, including Outlook, Microsoft Teams, SharePoint Online, and OneDrive for Business.
The attacks persisted throughout the week, and on June 9, Microsoft confirmed that its Azure cloud computing platform had also been affected.
BleepingComputer.com reported a global outage of the cloud-based OneDrive file-hosting service on June 8. However, desktop OneDrive clients remained unaffected during the incident.
The incident underscores the ongoing challenge posed by DDoS attacks, which remain a significant risk in the cybersecurity landscape. To mitigate the impact of such attacks, companies must adopt distributed service architectures.