The disruptions to Microsoft’s services earlier this month were indeed the result of hacks, the software giant has admitted.
In a blogpost Friday (June 16), the Redmond, Washington-based tech behemoth attributed the “surges in traffic against some services that temporarily impacted availability” to the “ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.”
While Microsoft gave the attackers a designation meant for groups whose affiliation it has not yet assigned, a hacktivist group called Anonymous Sudan has claimed responsibility for the hack on its Telegram channel.
DDoS stands for Distributed Denial-of-Service, an attack in which hackers bombard a server with junk internet traffic to prevent user access. Messaging platform Telegram, code management site GitHub, and network provider Dyn have all faced similar attacks in the last decade.
In Microsoft’s case, attackers focused on “disruption and publicity” used rented cloud infrastructure and virtual private networks to flood Microsoft servers from so-called botnets of zombie computers around the globe.
The company said it has “seen no evidence that customer data has been accessed or compromised.”
A brief timeline of Microsoft getting hacked
June 5: Thousands of users complain of Microsoft Outlook being down. Microsoft 365 acknowledges the outage on Twitter and says it's investigating the matter. The company says Microsoft Teams, SharePoint Online and OneDrive for Business have also been impacted. Hours later, everything is restored. But attacks will continue through the week.
June 6: Anonymous Sudan claims to have compromised Microsoft’s systems and stolen tens of millions of customers’ data.
June 8: Computer security news site BleepingComputer.com reports that cloud-based OneDrive file-hosting was down globally for a time.
June 9: Microsoft confirms that its Azure cloud computing platform has been affected.
Anonymous Sudan’s attack on Microsoft, by the digits
18,000: People affected simultaneously at the peak of the June 5 attack.
30 million: How many customers’ data Anonymous Sudan claims to have stolen during the attack on Microsoft’s suite of services. Microsoft hasn’t disclosed a number on its end.
A brief explanation of why Anonymous Sudan is targeting American companies
The attack came after Anonymous Sudan misinterpreted a statement by US Secretary of State Antony J. Blinken, who discussed the ongoing conflict in the east African country of Sudan while visiting Saudi Arabia on June 1.
Blinken talked about “looking at steps that we can take to make clear our views on any leaders who are moving Sudan in the wrong direction, including by perpetuating the violence and by violating ceasefires that they’ve actually committed to.” The hackers mistook this as a sign that the US would potentially invade Sudan, threatening to “target critical infrastructure” of American companies in retaliation.
On June 1, the US announced visa restrictions for high-profile individuals and economic sanctions for various entities in Sudan, including the Sudanese Armed Forces (SAF) and Rapid Support Forces (RSF), in response to recent “looting, occupation of and attacks on civilian residences and infrastructure, use of aerial bombardment and artillery, attacks and prohibited movements, and obstruction of humanitarian assistance and essential services restoration.”
Quotable: Hackers interrupted Microsoft’s services over US involvement in Sudan
“We can target any US company we want. Americans, do not blame us, blame your government for thinking about intervening in Sudanese internal affairs.”—Anonymous Sudan on its Telegram Channel
A non-exhaustive list of other US entities Anonymous Sudan attacked in June 2023
Ride-hailing service Lyft
Lovelace Health Systems in New Mexico
Hudson Regional Hospital in New Jersey
Exeter Hospital in New Hampshire
Shipping and logistics firm United Parcel Service (UPS)
One more thing: Is Anonymous Sudan from Sudan?
Researchers believe Anonymous Sudan isn’t based out of the African country. They suspect it is a pro-Russia group whose allegiance lies with the Kremlin. It’s likely a subset of Russia-aligned hacktivist group Killnet.