Microsoft representatives have confirmed that Layer 7 DDoS attacks by Anonymous Sudan were the cause of the recent outages in the Azure, Outlook, and OneDrive portals.
The company attributes these attacks to the Storm-1359 group, which identifies itself as “Anonymous Sudan”.
It is worth noting that we previously reported that one in every five Russian citizens aspires to become a hacker, and also that Russian Hackers Utilize Passion DDoS Platform to Target Medical Facilities.
DDoS
Service disruptions were observed in early June 2023. According to Bleeping Computer, Outlook.com was attacked on June 7, OneDrive on June 8, and the Microsoft Azure portal on June 9.
Although Microsoft did not officially report DDoS attacks at the time, it was evident that they were the cause, as the company stated that load balancing processes were implemented to mitigate the issue.
The attacks were claimed by the group Anonymous Sudan, which stated that the purpose was to protest US interference in Sudan’s internal affairs.
The Microsoft Security Response Center has now officially confirmed that the service outages were indeed the result of Layer 7 DDoS attacks, and the group tracked by the company as Storm-1359 is responsible for these attacks.
The researchers additionally state that Anonymous Sudan employs three types of Layer 7 DDoS attacks: HTTP(S) flood, cache bypass, and Slowloris.
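As an added illustration (not taken from Microsoft's report or from the original article), the sketch below shows how a defender might tell the three Layer 7 patterns named above apart in web or CDN access logs. The record layout, the sample rows, and every threshold are assumptions constructed for this example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def make_sample():
    """Constructed records: (epoch_s, client_ip, url, cache_status, duration_s, status)."""
    rows = [(100, "10.0.0.1", "/index.html", "HIT", 0.02, 200)] * 300  # burst in one second
    rows += [(100 + i, "10.0.0.2", f"/search?x={i:06d}", "MISS", 0.3, 200)
             for i in range(40)]                       # new query string on every request
    rows += [(100 + i, "10.0.0.3", "/", "-", 60.0, 408)
             for i in range(25)]                       # connections held open, then timed out
    rows += [(100 + 5 * i, "10.0.0.4", path, "HIT", 0.05, 200)
             for i, path in enumerate(["/", "/a.css", "/b.js", "/a.css"])]  # ordinary browsing
    return rows

def classify(rows, rate_limit=100, min_unique=30, miss_ratio=0.9,
             slow_secs=30.0, slow_count=20):
    """Return {client_ip: [pattern, ...]}. All thresholds are illustrative assumptions."""
    per_second = defaultdict(int)  # (ip, second) -> request count
    queries = defaultdict(set)     # (ip, path)   -> distinct query strings seen
    misses = defaultdict(int)      # (ip, path)   -> requests that missed the cache
    total = defaultdict(int)       # (ip, path)   -> all requests
    slow = defaultdict(int)        # ip           -> long-held requests ending in 408
    for ts, ip, url, cache, duration, status in rows:
        parts = urlsplit(url)
        key = (ip, parts.path)
        per_second[(ip, ts)] += 1
        total[key] += 1
        queries[key].add(parts.query)
        if cache == "MISS":
            misses[key] += 1
        if duration >= slow_secs and status == 408:
            slow[ip] += 1
    findings = defaultdict(set)
    for (ip, _second), count in per_second.items():
        if count > rate_limit:                  # HTTP(S) flood: raw request volume
            findings[ip].add("http_flood")
    for key, seen in queries.items():
        # Cache bypass: one path, many distinct query strings, almost no cache hits
        if len(seen) >= min_unique and misses[key] / total[key] >= miss_ratio:
            findings[key[0]].add("cache_bypass")
    for ip, count in slow.items():
        if count >= slow_count:                 # Slowloris: many slow, unfinished requests
            findings[ip].add("slowloris")
    return {ip: sorted(patterns) for ip, patterns in findings.items()}

if __name__ == "__main__":
    for ip, patterns in classify(make_sample()).items():
        print(ip, patterns)
```

Grouping by single client address is a simplification: when the sources are distributed, the same counters would be keyed by path, network, or client fingerprint instead.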
Anonymous Sudan
Although Microsoft tracks this group as Storm-1359, as mentioned before, the group is better known as Anonymous Sudan. The group emerged in January 2023, announcing that it would target any country opposing Sudan.
Over the past six months, the group has targeted organizations and government agencies worldwide through DDoS attacks, as well as hacking and data leaks.
Starting in May 2023, the group initiated DDoS attacks on large organizations, demanding ransom to cease the attacks. Initially, Scandinavian Airlines (SAS) was targeted, after which the hackers shifted their focus to American companies such as Tinder, Lyft, and medical institutions throughout the United States.
When Anonymous Sudan turned its attention to Microsoft and launched DDoS attacks on Outlook, Azure, and OneDrive, they demanded a payment of $1,000,000 to halt the attacks.
At the same time, some information security researchers speculate that the group may be operating under a false flag and may have connections to Russia. These suspicions have only grown stronger since the hackers announced the establishment of a “DARKNET parliament” comprising other pro-Russian hackers, including Killnet and REvil, and subsequently participated in the recent attack on the European Investment Bank (EIB).
In response to these allegations, the hackers made the following statement on their Telegram channel (presumably utilizing machine translation):
It is worth mentioning that cybersecurity experts previously reported on the Russian DDOSIA Project, which compensates volunteers to participate in DDoS attacks against Western companies.