According to a report in The Associated Press (AP), complaints about Outlook being unavailable for up to 18,000 users at the peak of what has proved to be a Distributed Denial-of-Service (DDoS) attack started to appear on Twitter in early June. In a blog post published on Friday, Microsoft acknowledged the attack and provided some technical information as well as suggestions for preventing similar attacks in the future.
The blog makes no mention of whether the company was able to control the situation or whether the attack ceased on its own. However, the Microsoft 365 Status account on Twitter tweeted about the outage as it happened on June 5th, then again later that day, and ultimately seemed to have things under control the following morning.
The AP article said that a representative (presumably for Microsoft, though it’s not made clear in the article) had confirmed the identity of the group as Anonymous Sudan. According to an article in Cybernews, which covered the attack the same day it occurred, the group has been active since at least January. The gang asserted in that article that its attack lasted for nearly an hour and a half before it ended.
There is “no way to measure the impact if Microsoft doesn’t provide that info,” according to Jake Williams, a former National Security Agency offensive hacker quoted in the AP report, who said he wasn’t aware of Outlook having been struck this heavily before.
In 2021, Microsoft prevented one of the longest-lasting DDoS attacks ever seen, which lasted more than 10 minutes and peaked at 2.4 terabits per second (Tbps) of bandwidth. An attack in 2022 reached 3.47 Tbps. The size of the traffic bursts during the attack in June is unknown.
According to Microsoft’s blog post, the DDoS activity targeted layer 7 of the OSI model, the layer of a network where applications access network services. It’s the location where your apps, including email, request their data. Microsoft thinks the Storm-1359 attackers used botnets and other tools to launch their attacks “from multiple cloud services and open proxy infrastructures,” and that they seemed to be primarily interested in causing trouble and garnering attention.
Microsoft has yet to respond to a request for further comment.