Microsoft experienced service disruptions in its flagship office suite, including the Outlook email and OneDrive file-sharing apps, as well as its cloud computing platform. The cause of the disruptions was initially undisclosed, but Microsoft has now confirmed that they were the result of distributed denial-of-service (DDoS) attacks carried out by a hacktivist group known as Anonymous Sudan. The group claimed responsibility for the attacks on its Telegram social media channel. While Microsoft has not provided specific details on the number of affected customers or the global impact, the company stated that the attacks temporarily impacted the availability of some services.
DDoS attacks, although primarily a nuisance that renders websites unreachable, can cause significant disruptions when they target software service giants like Microsoft. The attacks involve flooding servers with junk traffic, and if successful, they can interrupt critical services relied upon by millions of users worldwide. Microsoft said that there was no evidence of customer data being accessed or compromised during the attacks.
The magnitude of the impact and the specific details of customer disruption remain unclear, as Microsoft has not provided comprehensive information on the extent of the damage caused by the DDoS attacks. Cybersecurity researchers and experts have noted the significance of such attacks on globally distributed systems but highlight the need for more objective measures and transparency from companies to gauge the true impact on users.
Microsoft referred to the attackers as Storm-1359, a designation given to groups whose affiliation is yet to be determined. While it takes time to establish the identities of attackers, some cybersecurity firms suggest a possible connection between Anonymous Sudan and pro-Russian hacking groups such as Killnet. Analysts believe that Anonymous Sudan collaborates with pro-Kremlin groups to spread pro-Russian propaganda and disinformation. The exact location of Anonymous Sudan remains uncertain, with indications that it may not be based in Sudan as claimed.
The incident underscores the ongoing challenge posed by DDoS attacks, which are regarded as an unsolved problem in cybersecurity. Experts emphasize the importance of distributing services across multiple platforms, such as content distribution networks, to enhance resilience against such attacks. The techniques employed by the attackers are not new, dating back as far as 2009, highlighting the need for continued vigilance and proactive security measures.
The disruptions to Microsoft 365’s office suite and Azure cloud computing platform were reported on June 5, with thousands of outage and problem reports recorded. Services such as Outlook, Microsoft Teams, SharePoint Online, and OneDrive for Business were affected, with the attacks persisting throughout the week. On June 8, global downtime was reported for cloud-based OneDrive file-hosting, while desktop OneDrive clients remained unaffected.