Microsoft blames June outage on Russian DDoS

'Anonymous Sudan' is hiding its real identity

Microsoft blames June outage on Russian DDoS

Microsoft has confirmed its services succumbed to DDoS attacks earlier this month, while a cybersecurity firm has pointed at Russia as the culprit.

The attacks hit Azure, Outlook and OneDrive over the course of three days, taking down services like Teams and Sharepoint Online.

The company gave early indications that the outages were the result of a DDoS attack when it attributed them to a "spike in network traffic". However, it wasn't until Friday that the company confirmed the news.

A post on the Microsoft Security Response Center says "This recent DDoS activity targeted layer 7 rather than layer 3 or 4... [The attacker] has been observed launching several types of layer 7 DDoS attack traffic."

Those types include HTTP(s) flood attacks; cache bypassing; and slowloris.

The blame game

Although Microsoft refers to the attacker by code rather than name (Storm-1359), a group known as Anonymous Sudan has claimed responsibility.

The name suggests a group operating out of Sudan and first appeared to be a grassroots pro-Islam collective. However, analysis by cybersecurity firm CyberCX suggests that Russia is the ultimate culprit.

The group, which first appeared in January this year, has also claimed responsibility for more than 20 other DDoS attacks on Australian companies.

CyberCX, believes Anonymous Sudan is far more organised than they are trying to appear.

For example, the fact that it only announces targets during or after attacks - rather than planning semi-publicly online - indicates a level of professionalism and security.

Likewise, the use of paid infrastructure used to launch the denial of service attacks "would have cost tens of thousands of dollars" - resources a loose collective is unlikely to have.

More damningly, Anonymous Sudan is publicly aligned to pro-Russian threat actors and is a member of the Russia-supporting Killnet group.

"[The attack] really stems from the Russian government proclivities to drive division in society," CyberCX's chief strategy officer Alastair MacGibbon told Guardian Australia.

"They don't really care about the issue … anti-racism, pro-environment or whatever - [they] just get into whatever it is that matters to [harm] targets. In this case, the West."