In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure.
A collective known as Anonymous Sudan (aka Storm-1359) claimed responsibility for the DDoS attacks that hit the company’s services.
Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the Pro-Russian threat group Killnet.
Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.
Initially, the IT giant did not provide details about the outage, but later it confirmed it was targeted by DDoS attacks in a report titled “Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks.”
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.” reads the report published by the company.
The company pointed out that they have seen no evidence that customer data has been accessed or compromised.
However, Anonymous Sudan has announced to have stolen credentials for 30 million customer accounts.
“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD” reads the message published by the group on its Telegram channel on July 2nd, 2023.
The collective shared a sample of the alleged stolen data and is offering for sale the database for $50,000.
At this time, Microsoft has yet to release a public comment on the alleged data breach. BleepingComputer requested a comment from the company that denied any data breach claims.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Anonymous Sudan)
CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog. The…
CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity…
North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware.…
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party…
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third…
The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers…
This website uses cookies.