Sections of this topic
Dive into the recent DDoS attack on Microsoft’s Outlook with our comprehensive, conversational news report. Discover the key players, implications, and Microsoft’s response.
Key Takeaways:
- In early June, Microsoft’s Outlook service experienced a significant outage affecting up to 18,000 users, later identified as a result of a DDoS attack.
- Anonymous Sudan, a hacker group, claimed responsibility for the attack, which reportedly lasted about 90 minutes and targeted Microsoft’s OSI layer 7.
- Microsoft shared some insights into the attack and how users could protect themselves in the future, although the complete resolution and impact of the attack have not been definitively stated.
Microsoft’s Outlook: Recounting the June Outage Linked to a DDoS Attack
Earlier this month, the Twitterverse lit up with disgruntled users decrying Outlook disruptions. With around 18,000 users at the zenith of the outage, it soon became clear that a Distributed Denial-of-Service (DDoS) attack was the culprit, as reported in an Associated Press (AP) release and confirmed by Microsoft in a detailed blog post.
Attack Aftermath: What Transpired Following the Outage?
The Microsoft 365 Status Twitter account diligently kept followers updated during the crisis on June 5th, signaling the restoration of services the next morning. However, Microsoft’s blog stopped short of clarifying whether they effectively neutralized the attack or it merely subsided.
An anonymous spokeswoman hinted that Anonymous Sudan, a hacker group active since the beginning of the year, was the one responsible for the havoc, according to a Cybernews article. This report stated the group claimed its onslaught lasted for approximately 90 minutes.
We continue to observe stable service health since we’ve applied our various preemptive mitigations and we will closely monitor the service should there be a recurrence.
— Microsoft 365 Status (@MSFT365Status) June 7, 2023
Measuring the Impact of the DDoS Attack
Former National Security Agency offensive hacker Jake Williams, featured in the AP report, noted that without Microsoft’s explicit disclosure, assessing the fallout of this unprecedented attack on Outlook is challenging. Comparatively, Microsoft deflected a massive DDoS attack in 2021, peaking at 2.4 terabits per second (Tbps), and an even larger one in 2022 reaching 3.47Tbps. The volume of traffic bursts in the recent June onslaught remains uncertain.
The Technicalities of the Attack: Microsoft’s Analysis
In its blog post, Microsoft identified that the DDoS activity targeted OSI layer 7 – the application layer where services like email request data. The alleged attackers, dubbed Storm-1359 by Microsoft, were said to use botnets and tools to launch attacks from various cloud services and open proxy infrastructures, seemingly more interested in causing chaos and garnering attention than in any other objective.
While Microsoft remains tight-lipped on further details, the company’s proactive engagement with the crisis has been evident. Microsoft’s Office 365 services experienced disruptions earlier this month, later attributed to this DDoS attack. Despite no definitive word on the resolution, Microsoft offered some insights into the attack and advised users on how to safeguard against such future threats.
