
Microsoft’s Outlook and Office Services Targeted in Cyberattacks
In early June 2023, Microsoft’s flagship office suite encountered disruptions caused by Layer 7 (application-layer) DDoS attacks. These attacks were orchestrated by a newly emerged hacktivist group that Microsoft tracks as Storm-1359, adding a sense of mystery to the attackers’ identity.
Early in June, there were substantial service outages affecting Microsoft’s premier office suite, including Outlook email, OneDrive file-sharing, and the company’s cloud computing platform. These outages were brought on by distributed denial-of-service (DDoS) assaults planned by an enigmatic hacktivist collective. Microsoft initially resisted disclosing the cause but has since acknowledged the group’s role in the DDoS attacks.
However, Microsoft has provided limited information, refraining from commenting on the extent of customer impact and whether it was a global issue. A Microsoft spokesperson confirmed that the group identifying themselves as Anonymous Sudan was responsible for the attacks, as claimed on their Telegram social media channel. Some security researchers speculate that the group may have ties to Russia, further adding to the intrigue surrounding their identity.
In response to a request from The Associated Press, Microsoft released a blog post on Friday evening explaining the recent service disruptions. The post, although lacking in specific details, mentioned that the attacks had caused temporary availability issues for certain services. It further stated that the attackers’ primary goals were disruption and publicity, and they likely utilized rented cloud infrastructure and virtual private networks (VPNs) to launch the assault on Microsoft servers. These attacks were conducted through botnets, which consist of compromised computers worldwide.
Importantly, Microsoft clarified that no evidence suggested any unauthorized access or compromise of customer data occurred during the attacks.
DDoS assaults can have serious consequences when they target major software service providers like Microsoft, even though their main purpose is to make websites inaccessible rather than to gain access to anyone’s computers. Because these companies’ services are crucial to international commerce, a disruption can affect the work of millions of users. However, in this specific instance it is still unclear whether the DDoS attacks contributed directly to the disruption.
“We really have no way to measure the impact if Microsoft doesn’t provide that info. We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems.”
Jake Williams, Cybersecurity researcher
He said Microsoft’s apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”
Microsoft designated the attackers responsible for the recent disruptions as Storm-1359, using a temporary label typically assigned to groups whose specific affiliations are not yet determined. Investigating cybersecurity incidents often requires considerable time, and even then, identifying skilled adversaries can pose a significant challenge.
Pro-Russian hacking groups, including Killnet, which cybersecurity firm Mandiant links to the Kremlin, have been conducting DDoS attacks on government websites and those of Ukraine’s allies. In October, certain U.S. airport websites were targeted. According to Alexander Leslie, an analyst from Recorded Future, it is improbable that Anonymous Sudan is actually based in Sudan, as claimed. Instead, the group collaborates closely with Killnet and other pro-Kremlin organizations to disseminate pro-Russian propaganda and disinformation.
Edward Amoroso, CEO of TAG Cyber and an NYU professor, emphasized that the recent Microsoft incident underscores the ongoing and significant risk posed by DDoS attacks, a risk that often goes undiscussed. He noted that it is not controversial to acknowledge that this problem remains unsolved.
Amoroso suggested that the difficulties Microsoft faced in mitigating this particular attack point to a potential single point of failure. To defend against such attacks, he recommended distributing services widely, such as through a content distribution network.
Kevin Beaumont, a security researcher from the UK, noted that the techniques employed by the attackers are not new, with one technique dating back to 2009.
The disruptions to Microsoft 365’s Office suite on June 5 resulted in significant impacts, as evident from a peak of 18,000 outages and problem reports on the tracker Downdetector. Microsoft confirmed the impact on services like Outlook, Microsoft Teams, SharePoint Online, and OneDrive for Business.
The attacks persisted throughout the week, with Microsoft acknowledging on June 9 that its Azure cloud computing platform had also been affected. BleepingComputer.com reported a global downtime of the cloud-based OneDrive file-hosting service on June 8; according to that report, Microsoft stated that desktop OneDrive clients remained unaffected.