On June 5, thousands of Microsoft 365 software suite users, including Outlook and Teams, faced service outages for over two hours. Later that month, Microsoft announced that the service disruption resulted from a cyberattack. As per Microsoft, there was a surge in traffic against some services due to a DDoS attack, which impacted the availability of the services. So, let’s dive deep into this 2023 6th outage of Microsoft services and see what we know so far about it.
What Happened on June 5?
Microsoft’s flagship office suite faced a serious service disruption on June 5, which included the Outlook email, cloud computing platform, and OneDrive file-sharing apps. Due to this disruption, thousands of users could not access these services. In fact, it was peaking at 18,000 outage reports on the tracker Downdetector immediately after 11 a.m. Eastern time.
Microsoft initially flagged the outage and said it was looking at the issue hindering access to Outlook on the web. Later, it also included OneDrive, SharePoint Online, and Microsoft Teams to the outage.
It took Microsoft around 1-2 hours to resolve the disruption and restore services to normal operation. After the initial disruption, Microsoft also faced more service disruption in the next few days. On June 8, BleepingComputer.com, a news site, reported about the global shutdown of the cloud-based OneDrive file-hosting service. Similarly, on June 9, Microsoft confirmed issues with the Azure portal.
Microsoft didn’t comment on how many users had been affected by disruptions and whether they had a global impact. But security experts say that DDoS attacks are capable of making websites unreachable, which can impact millions of users for companies like Microsoft.
Microsoft Investigation on the Outage
Microsoft initially hesitated to announce that it was a cyberattack and declared it a service disruption. However, Microsoft clarified that it was a DDoS attack on June 16 and dubbed it as Storm-1359.
A DDoS attack involves directing massive internet traffic towards the targeted servers to let them reach their max limit and knock them offline. According to Microsoft’s initial investigation, Storm-1359 had access to a wide range of botnets and tools that empowered attackers to initiate DDoS attacks through multiple cloud services and open proxy infrastructures. Microsoft declared it a layer 7 DDoS attack, which launched several attack traffic, including HTTP(S) flood attack, Cache bypass, and Slowloris.
According to Microsoft, the attackers’ agenda was to cause propaganda and disruption, so they bombard Microsoft servers with so-called botnets of zombie computers worldwide. However, Microsoft mentioned that there was no evidence so far that any customer data was compromised or accessed.
Who Was Behind the Attack?
A shadowy hacktivist group claimed responsibility for DDoS attacks on Microsoft online services. Later, it was confirmed that the “Anonymous Sudan” group was behind the attacks. The group verified its involvement through its Telegram channel.
This January, the Anonymous Sudan group came to the limelight and declared to deploy attacks on any country that opposed Sudan. The group is already involved in many attacks on various government institutions and organizations worldwide, either for stealing data or making them go offline.
Sudan is going through chaos due to a bloody civil war, so it is suspicious that the group is not working from there. There are likely chances that some Russian hacking groups might have ties with the Anonymous Sudan group.
Killnet and other pro-Russian hacking groups have been attacking the websites of the governments and other organizations of Ukraine allies with DDoS attacks. In fact, the groups even managed to bombard U.S. airport sites. So, there is a high possibility that the Anonymous Sudan group is not located in Sudan, as they claim. The group must be working with Killnet or/and pro-Kremlin groups to attack organizations and outspread pro-Russian propaganda.
Series of Outages Faced by Microsoft in the First Half of 2023
Microsoft is facing strong criticism from users due to continuous outages this year. Just in the first six months of 2023, Microsoft faced six major outages. Other than the June outage, the rest of the major outages that occurred are as follows:
- On May 9, Microsoft announced that it is investigating the malfunction causing UK users to cannot access some Microsoft 365 services.
- On April 24, Microsoft announced that it is investigating the malfunction faced by users who cannot use the search functionality in many Microsoft 365 services, such as Microsoft Teams, SharePoint Online, Outlook on the Web and Desktop, and Exchange Online.
- On April 20, Microsoft announced that it is investigating the high CPU utilization of components that handle back-end navigation feature APIs. This issue was causing users to be unable to access Teams and Microsoft 365 web applications.
- On February 7, Microsoft experienced a global outage in which users were unable to send, receive, or search emails on Outlook or use Teams. Within a couple of hours of the outage, Microsoft applied mitigation throughout the affected infrastructure, resulting in gradual recovery.
- On January 25, a Microsoft network change caused a global outage affecting many services, including OneDrive for Businesses, Outlook, Teams, SharePoint Online, and Microsoft Exchange Online.
Besides the above outages, Microsoft is also continuously experiencing minor outages and malfunctions. Moreover, Russian and Chinese hacking groups continuously seek to target Microsoft services. Recently, Microsoft is again facing criticism, as the Chinese hackers’ group managed to hack email accounts at the Commerce and State departments by exploiting a fundamental gap in Microsoft’s cloud.
2023 is not going in favor of Microsoft, as it is experiencing continuous outages and its vulnerabilities have made it a prime target for Russian and Chinese hacking groups. The June 5th outage due to the DDoS attack reflects the activeness of attackers and the negligence of Microsoft. Besides that, the increasing number of Microsoft’s global outages is also a concern. Overall, it does not seem that Microsoft won’t make it to the news in the remaining months of 2023, as new outages may pop up again. So, let’s see how this year ends for Microsoft.