Finally, a we have a confirmation of the Microsoft cyber attack, albeit in a sly blog post. In the aftermath of the recent outage affecting Microsoft Azure, Outlook, and OneDrive, the renowned tech giant has officially acknowledged the incidents, attributing them to cyber attacks.
In a recent blog post titled “Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks,” the company addressed the Microsoft cyber attack that impacted services.
The incident, initially attributed to “technical issues,” has now been confirmed due to targeted layer 7 DDoS attacks. Anonymous Sudan, a notorious hacker group, claimed responsibility for the attack and taunted Microsoft in online posts.
The Cyber Express had previously reported on the OneDrive outage, which left thousands of users unable to access their files and documents.
Shortly after, screenshots of Telegram posts by Anonymous Sudan surfaced, showcasing their involvement in the Microsoft cyber attack.
The group boasted about causing the outage and hinted at carrying out similar layer 7 DDoS attacks on other Microsoft services.
Microsoft acknowledges OneDrive outage, cyber attack by Anonymous Sudan
Microsoft has acknowledged the claims made by Anonymous Sudan and assured its customers that they are actively investigating the matter.
The company also stated that it had taken necessary steps to protect its customers and ensure the stability of its services.
Moreover, Microsoft clarified that there is no evidence suggesting that customer data has been compromised or accessed. According to Microsoft’s blog post, these layer 7 DDoS attacks target seven layers, a specific network application layer.
These attacks aim to exhaust system resources by overwhelming them with a high load of SSL/TLS handshakes and HTTP(S) requests. The result is an extensive strain on the application backend, leading to compromised availability.
The cybercriminals behind these layer 7 DDoS attacks, Storm-1359, AKA Anonymous Sudan, have access to a collection of botnets and tools enabling them to launch attacks from multiple cloud services and open proxy infrastructures.Â
“Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures. Storm-1359 appears to be focused on disruption and publicity,” read the company blog.
Microsoft cyber attack: Company provides guidance to customers
To combat similar layer 7 DDoS attacks, Microsoft has advises its customers to implement layer 7 protection services such as Azure Web Application Firewall (WAF), available with Azure Front Door and Azure Application Gateway.
The company recommends utilizing the bot protection managed rule set, blocking malicious IP addresses and ranges, and implementing custom WAF rules to block automatically and rate limit known signature attacks.
By actively investigating and sharing insights into the nature of the attack, Microsoft aims to increase awareness and encourage users to implement necessary security measures.
As the investigation continues, Microsoft urges customers to review the technical details and recommended actions outlined in their blog post to strengthen the resilience of their environments against layer 7 DDoS attacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
