In a recent blog post, Microsoft officially acknowledged that the disruptions to its services earlier this month were the result of deliberate hacks. The tech giant attributed the temporary unavailability of some of its services to ongoing Distributed Denial-of-Service (DDoS) attacks conducted by a threat actor identified as Storm-1359.
On June 5, Microsoft’s 365 software suite, including popular applications like Teams and Outlook, experienced an outage lasting over two hours, affecting thousands of users. A brief recurrence was witnessed the following morning. This incident marked the fourth major outage for Microsoft within the span of a year.
Although Microsoft has assigned a temporary designation to the attackers, indicating their affiliation has not yet been determined, a hacktivist group called Anonymous Sudan has claimed responsibility for the hack on the messaging platform Telegram.
Over the past decade, messaging platform Telegram, code management site GitHub, and network provider Dyn have all faced similar attacks. In Microsoft’s case, the hackers focused on causing disruption and seeking publicity. They utilized rented cloud infrastructure and virtual private networks to overwhelm Microsoft servers using botnets comprised of compromised computers worldwide.
Reassuringly, Microsoft has stated that there is no evidence suggesting that customer data has been accessed or compromised during these incidents. DDoS attacks typically aim to temporarily render targeted servers inaccessible through the influx of substantial internet traffic, employing relatively unsophisticated methods.
The recurrence of service disruptions raises concerns about the vulnerability of technology platforms to malicious attacks. Companies like Microsoft are continuously enhancing their security measures to thwart such incidents. Nevertheless, the sophistication and persistence of threat actors continue to present challenges for ensuring uninterrupted and secure digital services.
Microsoft has not disclosed the motive behind the recent DDoS attacks or whether it has identified the individuals or groups responsible for them. As investigations continue, users and organizations are advised to remain vigilant, adopt robust cybersecurity practices, and promptly install security updates to mitigate potential risks.
It remains to be seen how Microsoft and other technology giants will fortify their defenses against future attacks, working towards a more secure digital landscape for businesses and individuals alike.