June 19, 2023 (updated 21 Aug 2023 3:29pm)

Microsoft quietly admits DDoS cyberattacks took down Office 365 and Outlook

The tech giant says it was hit with an attack earlier this month, having initially been cagey about the cause of an outage to its services.

By Matthew Gooding

Microsoft says it was a victim of a cyberattack earlier this month which affected its Office 365 productivity suite, including apps such as Teams and Outlook. The tech giant says it believes no customer data was compromised in what was a distributed denial of service (DDoS) attack carried out by a cybercriminal gang known as Storm-1359, or Anonymous Sudan.

Microsoft has admitted an Office 365 outage earlier this month was caused by a cyberattack. (Photo by rafapress/Shutterstock)

Office 365 services went down for several hours on 4 June, and suffered a second outage the following day. MSFT had previously declined to release details of what caused the problem, with a company spokesperson simply saying on 5 June: “We have resolved an issue preventing users from accessing some of our services.”

However, in a blog posted late on Friday, Microsoft confirmed a DDoS cyberattack had taken place.

Microsoft confirms DDoS cyberattack on Office 365

The Microsoft blog says the company “identified surges in traffic against some services that temporarily impacted availability”. It then “opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359”.

It says the attacks targeted Layer 7, the application layer of the network stack, of its cloud services such as Office 365. “Microsoft hardened layer 7 protections including tuning Azure Web Application Firewall to better protect customers from the impact of similar DDoS attacks,” the blog says.

“While these tools and techniques are highly effective at mitigating the majority of disruptions, Microsoft consistently reviews the performance of its hardening capabilities and incorporates learnings into refining and improving their effectiveness.”

Security researchers on Twitter pointed out that Microsoft has been quite reticent to publicise details of the breach, not even naming the services affected.

The blog contains actions customers should take to ensure their networks are fully protected from the impact of DDoS attacks, even though this attack impacted Microsoft’s own infrastructure.

Anonymous Sudan and DDoS attacks

DDoS attacks are a low-skill and relatively benign form of cyberattack in which servers are flooded with requests, usually via a botnet, in an attempt to make them crash. Malware cannot be injected into a network via a DDoS attack alone, though such attacks have been known to be a precursor to more advanced cyberattacks.

These types of attacks have seen a surge in popularity over the last 18 months, particularly since the war in Ukraine began and hacktivist activity has ramped up.

Anonymous Sudan, or Storm-1359, is thought to be an offshoot of the original Anonymous hacktivist collective which shot to prominence a decade ago.

Last week, Tech Monitor reported on a threat by the group to take down the European financial system. Joining forces with two other hacking gangs, Russia-based Killnet and REvil, Anonymous Sudan said it planned to hit back at Europe for its role in helping Ukraine in the war with Russia. It said it would target the financial sector and the SWIFT messaging system which international banks use to communicate, as well as going after the US Federal Reserve.

The video was posted on Thursday, with attacks supposed to commence within 48 hours. As yet, no breaches have been reported.
