Microsoft has confirmed that an outage to its cloud servers was the result of a distributed denial-of-service (DDoS) attack and that the attack can be traced back to a malicious hacking group called Anonymous Sudan.
Microsoft's servers experienced an outage earlier this month that knocked out key Microsoft services such as Outlook and OneDrive, while also affecting other areas of Microsoft's Azure cloud computing platform. While the servers were rocked, Microsoft kept quiet about the situation until it spoke out over the weekend, confirming the attack was a DDoS attack and that it appears Anonymous Sudan's claim of being responsible is true.
Microsoft has yet to say how many customers were affected by the outage, but with services such as Outlook and OneDrive offline, you can expect it to be at least in the hundreds of thousands, if not millions. Microsoft explained that it tracked the activity of what it identified as "Storm-1359" and found that the perpetrator appeared to be "focused on disruption and publicity".
For those who don't know, a simple way to think about a DDoS attack is to imagine a flood of internet traffic aimed at a server that is unable to handle it, leaving the service disrupted. Additionally, Microsoft said it found zero evidence of any customer data being stolen, which is why it believes the motivation was disruption and publicity.
Cybersecurity firm CyberCX said in a report released on Monday that Anonymous Sudan likely isn't an authentic hacktivist organization and is more likely to be linked to or associated with Russian state operations. The firm came to these conclusions after analyzing the group's activities. According to its report, the organization paid for expensive equipment to carry out the attack, costing the group upwards of tens of thousands of dollars for the amount of traffic needed to temporarily bring down Microsoft.
Furthermore, CyberCX said that Anonymous Sudan has in the past publicly aligned itself with Russia and is also a member of the pro-Russia hacking group called Killnet. Alastair MacGibbon, CyberCX's chief strategy officer, spoke to Guardian Australia and said that Anonymous Sudan generally carried out low-level attacks and actually presented itself as an Islamic group. Additionally, MacGibbon said that groups such as Anonymous Sudan stem from "Russian government proclivities to drive division in society."
"They don't really care about the issue ... anti-racism, pro-environment or whatever - [they] just get into whatever it is that matters to [harm] targets. In this case, the West," said MacGibbon.
Since the attacks themselves aren't very monetizable, "There has to be a link to other forms of monetization, potentially a state or some form of direction coming from the state that says 'go and cause fear, uncertainty and doubt,'" said MacGibbon.
It speaks volumes that Microsoft did not have adequate defenses to prevent a DDoS attack, but according to the company, it will be increasing the resilience of its systems to hopefully stop future attacks of this caliber.