Tens of thousands of Microsoft users reported serious service disruptions affecting the company’s flagship office suite products in early June, leaving them unable to access essential remote-work tools like Outlook email and One-Drive file-sharing apps.
The cause of the sporadic service disruptions, which Reuters reported lasted more than two hours, were initially unclear, according to the company’s tweets at the time. But now, the software company has identified a cause of the outages: a distributed denial-of-service (DDoS) attack executed by “Anonymous Sudan,” a cybercriminal group with alleged Russian ties.
Microsoft attributed the service outages during the week of June 5 to the cybercriminal group in a statement on its website Friday. Slim on details, the post said the attacks “temporarily impacted availability” of some services. The company also said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.
The Microsoft post linked the attackers to a group known as “Storm-1359,” using a term it assigns to groups whose affiliation it has not yet established. However, a Microsoft representative told the Associated Press that the group dubbed Anonymous Sudan was behind the attacks.
Microsoft said there was no evidence any customer data was accessed or compromised. The company did not immediately respond to CBS MoneyWatch’s request for comment.
Not sophisticated
While DDoS attacks are mainly a nuisance, making websites unreachable without penetrating them, security experts say they can disrupt the work of millions of people if they successfully interrupt popular tech services.
“DDoS is significant in terms of consumer usage, [meaning] you can’t get into a website, but it’s not a sophisticated attack,” Gil Messing, chief of staff at software and security firm Check Point, told CBS MoneyWatch.
Since the attack, Microsoft has taken several steps to guard against future DDoS attacks, including “tuning” its Azure Web Application Firewall, which serves as a line of defense against potential attacks, the company said in its statement.
Microsoft will need such precautions to ward off future attackers, who may be emboldened by the success of Anonymous Sudan’s attack, Steven Adair, president of cybersecurity firm Volexity, told CBS MoneyWatch.
“It looks like [Anonymous Sudan’s] DDoS efforts were met with a small level of success and that has gained quite a bit of attention,” Adair said. “It could spawn copycat attempts, but we are hoping this is not the case.”
The Associated Press contributed reporting.
