Security News > 2023 > June > With dead-time dump, Microsoft revealed DDoS as cause of recent cloud outages
The Associated Press reported that in response to its inquiries about the cause of the outage, Microsoft admitted that Anonymous Sudan and DDoS orchestrated by the group were the cause of the outages.
The post that the AP claims is Microsoft's admission of succumbing to Anonymous Sudan doesn't mention the source of the DDoS - but does state: "Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.".
"This recent DDoS activity targeted layer 7 rather than layer 3 or 4. Microsoft hardened layer 7 protections including tuning Azure Web Application Firewall to better protect customers from the impact of similar DDoS attacks," the post states.
"Microsoft hasn't linked"Storm-1359" to Anonymous Sudan, but says the gang "has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures.
By posting the blog entry about its recent outages on the Friday before a long weekend - and not linking Storm-1359 to an attacker - Microsoft appears to have tried to minimize the publicity around this attack.
Whoever did the DDoS deed, one fact is clear: Microsoft's signature cloud services were disrupted and degraded by a determined attacker.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/19/microsoft_365_outage_ddos_cause/
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft lost some customers’ cloud security logs (source)