Anonymous Sudan Launches Devastating DDoS Attack on Microsoft, Paralyzing Office Suite Services. Microsoft Remains Mum on Cyberattack Fallout. Impact on Customers and Global Reach Kept Under Wraps.
After initially exercising caution in attributing the cyberattacks, Microsoft finally disclosed the source in a blog post, confirming that the DDoS attacks were indeed orchestrated by Anonymous Sudan.
Microsoft acknowledged that these attacks had a temporary impact on the availability of certain services. The company further stated that the hackers’ primary objectives were to generate disruption and gain publicity.
Challenges in Identifying Skilled Adversaries
Reports suggest that the hackers utilized rented cloud infrastructure, virtual private networks, and global botnets to overwhelm Microsoft’s servers. However, Microsoft maintains that there is no concrete evidence of significant data breaches occurring as a result.
Microsoft assigned the attackers the temporary label of “Storm-1359,” a placeholder title commonly used for unaffiliated groups during the identification process.
Determining the affiliation of such groups typically requires a significant amount of time, as it poses challenges, particularly when dealing with highly skilled adversaries.
Suspected Collaboration with Pro-Kremlin Hackers Raises Questions
Cybersecurity researchers are speculating about potential Russian affiliations of Anonymous Sudan, despite the group’s name. This speculation arises from the resemblance of their tactics to those employed by pro-Russian hacking groups such as ‘Killnet,’ which have frequently targeted websites of Ukraine’s allies using similarly distributed denial-of-service (DDoS) attacks.
Industry analysts cast doubt on the group’s claimed Sudanese origins, deeming it highly unlikely. Some experts suggest that Anonymous Sudan actively collaborates with Killnet and other pro-Kremlin entities as a means to propagate pro-Russian propaganda and spread misinformation.
The exact magnitude of the impact caused by the DDoS attacks remains uncertain
Detractors argue that the organization appears hesitant to disclose the full extent of customer disruptions resulting from the attack. According to reports, the attack methods employed are not novel and can be traced back to 2009. The disruptions to Microsoft 365 office suite services commenced on June 5, triggering approximately 18,000 outage complaints and problem reports.
Following the occurrences, numerous users promptly reported the incidents on Downdetector at around 11 a.m. Eastern Time (ET). The disruptions endured continuously over the course of the week. Ultimately, on June 9, Microsoft officially acknowledged that a cyberattack had targeted its Azure cloud computing platform.