Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

Microsoft Confirms Disruptions on DDoS

What Happened

In a series of severe digital onslaughts that rattled the tech world, Microsoft recently confirmed that their Azure, Outlook, and OneDrive services were targeted by Layer 7 DDoS attacks. These attacks occurred at the onset of June and were traced back to a threat actor identified as Storm-1359, also known as Anonymous Sudan. Microsoft initially hinted at DDoS attacks being the cause of the disruptions but didn’t confirm it until a later post on their Security Response Center. They clarified that these outages were indeed a result of a massive flood of network traffic caused by a well-coordinated DDoS attack against their services.

Who Was Affected

The DDoS attacks instigated by Anonymous Sudan led to significant outages for web portals of Outlook on June 7th, OneDrive on June 8th, and the Microsoft Azure Portal on June 9th. These attacks predominantly targeted the application level of the services by inundating them with an overwhelming volume of requests, leading to service disruptions as the systems couldn’t process them all. Microsoft has reassured that despite these outages, there’s no evidence of any customer data being accessed or compromised.

Hackers Objective

Emerging in January 2023, Anonymous Sudan made it clear they would retaliate against any country opposing Sudan, targeting organizations and government agencies worldwide. Starting in May, the group began directing its efforts towards large organizations, demanding payments in exchange for halting the attacks. In June, they shifted their focus to Microsoft’s web-accessible portals for Outlook, Azure, and OneDrive. They demanded $1 million in return for ceasing the attacks and to impart knowledge on repelling future attacks. However, some cybersecurity researchers speculate that this may be a facade and that the group might be affiliated with Russia.


In response to these high-stake attacks, Microsoft has been applying load balancing processes to mitigate the issue and has actively been tracking the threat actor’s activities. They’ve noted that these attacks likely relied on access to multiple virtual private servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools. Microsoft maintains that the attacker’s primary focus appears to be disruption and publicity. Despite the considerable damage caused, there are no reports of customer data being compromised or accessed during the attacks. The tech giant continues to investigate the situation while maintaining their commitment to customer service and data security.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.