Microsoft announced that the Outlook and OneDrive outages were the result of a DDoS attack. Both services had suffered intermittent outages for one day.
Earlier this month, a group known as Anonymous Sudan claimed responsibility for a DDoS attack that disrupted access to Outlook, OneDrive, and several other Microsoft online services. Although Microsoft provided little information at first, the company has since acknowledged the attack in a blog post and offered some technical details on protecting against such attacks in the future.
Microsoft acknowledges the attack
The history of the Anonymous Sudan group, which claimed responsibility for the attack, is not clear; the group is said to have been active since January. According to the reports, the attack lasted about an hour and a half. In 2021, Microsoft was the target of one of the largest DDoS attacks ever recorded, with traffic reaching 2.4 terabits per second (Tbps) and lasting more than 10 minutes. In 2022, an attack reached 3.47 Tbps. It’s unclear how large the traffic spikes were in the June attack. However, on the day of the service outage, more than 18,000 users reported on Twitter that Outlook had crashed.
According to Microsoft’s blog post, the DDoS attack targeted OSI layer 7, the application layer, where applications access network services. This is the layer at which applications such as e-mail retrieve their data. Microsoft also said, “We have not seen any evidence that customer data has been accessed or compromised.”
According to Bleeping Computer, Anonymous Sudan began carrying out cyber attacks at the beginning of 2023. At that time, the group allegedly targeted countries that were involved in Sudanese politics and supported anti-Muslim policies. However, some cybersecurity researchers believe that the group is actually an extension of the Russian-affiliated Killnet group, and that the reference to Sudan is just camouflage.
The possibility of this connection became even more apparent on Friday, when Anonymous Sudan announced that it had formed a “Darknet Parliament” with Killnet and another pro-Russian gang, REvil. As its first move, the organization threatened to target the international interbank system SWIFT. The USA and the EU removed Russia from this system after the invasion of Ukraine.