SCIENCE & TECHNOLOGY

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

Jun 17, 2023, 6:29 PM

FILE - In this July 3, 2014, file photo, the Microsoft Corp. logo is displayed outside the Microsof...

FILE - In this July 3, 2014, file photo, the Microsoft Corp. logo is displayed outside the Microsoft Visitor Center in Redmond, Wash. Microsoft is infusing generative AI tools into its Office software, including Word, Excel and Outlook emails. The company said Thursday, March 16, 2023 the new feature, named Copilot, is a processing engine that will allow users to do things like summarize long emails, draft stories in Word and animate slides in PowerPoint. (AP Photo/Ted S. Warren, File)
Credit: ASSOCIATED PRESS

(AP Photo/Ted S. Warren, File)

BOSTON (AP) — In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame.

But the software giant has offered few details — and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

Microsoft’s explanation in a blog post Friday evening followed a request by The Associated Press two days earlier. Slim on details, the post said the attacks “temporarily impacted availability” of some services. It said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

Microsoft said there was no evidence any customer data was accessed or compromised.

While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt the work of millions if they successfully interrupt the services of a software service giant like Microsoft on which so much global commerce depends.

It’s not clear if that’s what happened here.

“We really have no way to measure the impact if Microsoft doesn’t provide that info,” said Jake Williams, a prominent cybersecurity researcher and a former National Security Agency offensive hacker. Williams said he was not aware of Outlook previously being attacked at this scale.

“We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. He said Microsoft’s apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”

Microsoft dubbed the attackers Storm-1359, using a designator it assigns to groups whose affiliation it has not yet established. Cybersecurity sleuthing tends to take time — and even then can be a challenge if the adversary is skilled.

Pro-Russian hacking groups including Killnet — which the cybersecurity firm Mandiant says is Kremlin-affiliated — have been bombarding government and other websites of Ukraine’s allies with DDoS attacks. In October, some U.S. airport sites were hit. Analyst Alexander Leslie of the cybersecurity firm Recorded Future said it’s unlikely Anonymous Sudan is located as it claims in Sudan, an African country. The group works closely with Killnet and other pro-Kremlin groups to spread pro-Russian propaganda and disinformation, he said.

Edward Amoroso, NYU professor and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all just agree to avoid talking about. It’s not controversial to call this an unsolved problem.”

He said Microsoft’s difficulties fending of this particular attack suggest “a single point of failure.” The best defense against these attacks is to distribute a service massively, on a content distribution network for example.

Indeed, the techniques the attackers used are not old, said U.K. security researcher Kevin Beaumont. “One dates back to 2009,” he said.

Serious impacts from the Microsoft 365 office suite interruptions were reported on Monday June 5, peaking at 18,000 outage and problem reports on the tracker Downdetector shortly after 11 a.m. Eastern time.

On Twitter that day, Microsoft said Outlook, Microsoft Teams, SharePoint Online and OneDrive for Business were affected.

Attacks continued through the week, with Microsoft confirming on June 9 that its Azure cloud computing platform had been affected.

On June 8, the computer security news site BleepingComputer.com reported that cloud-based OneDrive file-hosting was down globally for a time.

Microsoft said at the time that desktop OneDrive clients were not affected, BleepingComputer reported.

KSL 5 TV Live

Science & Technology

About 576,000 Roku accounts were compromised in a cyberattack, the company said on April 12, the se...

John Towfighi, CNN

Roku says 576,000 accounts breached in cyberattack

About 576,000 Roku accounts were compromised in Roku's second cyberattack of the year.

10 hours ago

Phone with Instagram logo...

Kelvin Chan, AP Business Writer

Instagram begins blurring nudity in messages to protect teens and fight sexual extortion

Instagram says it’s deploying new tools to protect young people and combat sexual extortion.

1 day ago

MARTIN, OHIO - APRIL 08: The moon passes in front of the sun during a solar eclipse on April 08, 20...

Adithi Ramakrishnan, AP Science Writer

Can’t get enough of the total solar eclipse or got clouded out? Here are the next ones to watch for

If you missed North America's total solar eclipse or if you caught the eclipse bug, there are more chances to see the sun disappear.

4 days ago

The moon partially covers the sun behind the Statue of Liberty during the a solar eclipse on the Li...

Marcia Dunn, AP Aerospace Writer

Total solar eclipse wows North America. Clouds part just in time for most

A chilly, midday darkness fell across North America as a total solar eclipse raced across the continent. Monday's spectacle was witnessed by millions of spectators in the U.S., Mexico and Canada. It was North America's biggest eclipse crowd ever

4 days ago

MAZATLAN, MEXICO - APRIL 08: The sun disappears behind the moon during the Great North American Ecl...

Marcia Dunn, AP Aerospace Writer

A total solar eclipse races across North America. Clouds spoil the view for some

Millions of spectators along a narrow corridor stretching from Mexico to the U.S. to Canada eagerly awaited Monday's celestial sensation — a total eclipse of the sun — even as forecasters called for clouds.

5 days ago

Roger and Allyssa Sarkis collected all the leftover solar eclipse glasses after Utah's eclipse in 2...

Shelby Lofton

Provo family projected to sell half a million glasses for total solar eclipse

A Provo family made a business out of the leftover eclipse glasses of Utah's 2017 solar eclipse.

8 days ago

Sponsored Articles

Women hold card for scanning key card to access Photocopier Security system concept...

Les Olson

Why Printer Security Should Be Top of Mind for Your Business

Connected printers have vulnerable endpoints that are an easy target for cyber thieves. Protect your business with these tips.

Modern chandelier hanging from a white slanted ceiling with windows in the backgruond...

Lighting Design

Light Up Your Home With These Top Lighting Trends for 2024

Check out the latest lighting design trends for 2024 and tips on how you can incorporate them into your home.

Technician woman fixing hardware of desktop computer. Close up....

PC Laptops

Tips for Hassle-Free Computer Repairs

Experiencing a glitch in your computer can be frustrating, but with these tips you can have your computer repaired without the stress.

Close up of finger on keyboard button with number 11 logo...

PC Laptops

7 Reasons Why You Should Upgrade Your Laptop to Windows 11

Explore the benefits of upgrading to Windows 11 for a smoother, more secure, and feature-packed computing experience.

Stylish room interior with beautiful Christmas tree and decorative fireplace...

Lighting Design

Create a Festive Home with Our Easy-to-Follow Holiday Prep Guide

Get ready for festive celebrations! Discover expert tips to prepare your home for the holidays, creating a warm and welcoming atmosphere for unforgettable moments.

Battery low message on mobile device screen. Internet and technology concept...

PC Laptops

9 Tips to Get More Power Out of Your Laptop Battery

Get more power out of your laptop battery and help it last longer by implementing some of these tips from our guide.

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks