In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure.
A collective known as Anonymous Sudan (aka Storm-1359) claimed responsibility for the DDoS attacks that hit the company’s services.
Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the Pro-Russian threat group Killnet.
Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.
Initially, the IT giant did not provide details about the outage, but later it confirmed it was targeted by DDoS attacks in a report titled “Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks.”
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.” reads the report published by the company.
The company pointed out that they have seen no evidence that customer data has been accessed or compromised.
However, Anonymous Sudan has announced to have stolen credentials for 30 million customer accounts.
“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD” reads the message published by the group on its Telegram channel on July 2nd, 2023.
The collective shared a sample of the alleged stolen data and is offering for sale the database for $50,000.
At this time, Microsoft has yet to release a public comment on the alleged data breach. BleepingComputer requested a comment from the company that denied any data breach claims.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Anonymous Sudan)