(Boston) In early June, sporadic but serious outages affected Microsoft’s flagship office suite – including the Outlook email and OneDrive file-sharing apps – as well as its cloud management platform. A hacktivist group has claimed responsibility, saying it flooded the sites with unwanted traffic in distributed denial-of-service (DDoS) attacks.
Initially reluctant to name the cause, Microsoft has now revealed that DDoS attacks carried out by this group were indeed to blame.
But the software giant provided few details – and did not immediately say how many customers were affected and whether the impact was global.
A spokeswoman confirmed that the group calling itself “Anonymous Sudan” was behind the attacks. The group claimed responsibility on its Telegram channel at the time. Some security researchers believe the group is Russian.
Microsoft’s explanation, in a Friday night blog post, followed a request from The Associated Press two days earlier. Thin on details, the post said the attacks “temporarily affected the availability” of certain services. It said the attackers focused on “disruption and publicity” and likely used rented cloud computing infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the world.
Microsoft said there was no evidence that any customer data was accessed or compromised.
While DDoS attacks are mostly a nuisance – rendering websites inaccessible without breaking into them – security experts say they can disrupt the work of millions of people if they succeed in disrupting the services of a software services giant like Microsoft on which global commerce depends so much.
It is not clear, however, if this is what happened here.
“We really have no way of measuring the impact if Microsoft doesn’t provide this information,” said Jake Williams, a renowned cybersecurity researcher and former National Security Agency hacker. Mr. Williams said he was unaware that Outlook had ever been attacked on this scale.
“We know that some resources were inaccessible to some, but not to others. This often happens with DDoS of globally distributed systems,” added Jake Williams. Microsoft’s apparent reluctance to provide an objective measure of customer impact “probably shows the magnitude,” he said.
Microsoft dubbed the attackers Storm-1359, using a designator it assigns to groups whose affiliation it has yet to establish. Cybersecurity investigation tends to take time – and even then it can be a challenge if the adversary is skilled.
Ukraine’s allies targeted
Pro-Russian hacking groups including Killnet – which cybersecurity firm Mandiant says is affiliated with the Kremlin – have bombarded government and other websites of Ukraine’s allies with DDoS attacks. In October, some US airport sites were affected.
Analyst Alexander Leslie of cybersecurity firm Recorded Future said it was unlikely that “Anonymous Sudan” was actually based in Sudan, an African country, as it claims. The group works closely with Killnet and other pro-Kremlin groups to spread pro-Russian propaganda and disinformation, he said.
Edward Amoroso, a professor at New York University and president and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all agree to avoid talking about.” It is not controversial to call this an unsolved problem.
He believes that Microsoft’s difficulty fending off this particular attack suggests “a single point of failure.” The best defense against these attacks is to massively distribute a service, on a content delivery network for example.
Indeed, the techniques used by the attackers are not new, noted British security researcher Kevin Beaumont. “One dates back to 2009,” he said.
Severe impacts from Microsoft 365 office suite outages were reported on June 5, peaking at 18,000 outage and problem reports on the outage-tracking site Downdetector shortly after 11 a.m.
On Twitter that day, Microsoft wrote that Outlook, Microsoft Teams, SharePoint Online and OneDrive for Business were affected.
The attacks continued throughout the week, with Microsoft confirming on June 9 that its Azure digital cloud platform had been affected.
On June 8, computer security news site BleepingComputer.com reported that the cloud-based OneDrive file hosting service had been down globally for some time.
Microsoft said at the time that OneDrive desktop clients were unaffected, BleepingComputer reported.