Microsoft confirmed disruption to its Microsoft 365 apps earlier this month was due to a distributed denial-of-service (DDoS) attack.
As AP reports, Microsoft published a blog post on Friday providing details of the DDoS attack, which was carried out by a threat actor it refers to as Storm-1359. The group who claimed responsibility for the attack calls itself Anonymous Sudan.
According to cyber security solutions provider Radware, Anonymous Sudan is group of religiously motivated hackers from Sudan. They mainly target Swedish and Danish organizations as a reaction to far-right activist Rasmus Paludan. However, some security researchers suspect the group is just a front for a Russian hacking operation.
The attack against Microsoft's services started on June 5, and according to the Microsoft 365 Status Twitter account, impacted Outlook on the web first. Access to OneDrive was also impacted. Microsoft said the attacks most likely relied on "multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools" and focused on Layer 7, which is the application layer of the internet.
Beyond that, no in-depth detail was given, but Microsoft did confirm no customer data was accessed of compromised. It also took the opportunity to recommend using Azure Web Application Firewall (WAF) if organizations want to protect themselves from similar Layer 7 attacks.
DDoS attacks attempt to overload a target's servers with traffic and therefore stop any legitimate traffic getting through. It's an attack companies and organizations have had to accept they need to prepare for, but even with robust protection in place, a DDoS attack can still be disruptive. Last year, Google managed to fend off a record-breaking DDoS attack, as did Cloudflare and Microsoft earlier in the year.