Skip to main content
close search
site logo

Microsoft investigating threat actor claims following multiple outages in 365, OneDrive

A hacktivist group known as Anonymous Sudan has claimed to be involved in DDoS attacks.

Published June 9, 2023
David Jones's headshot
Reporter
A logo sits illuminated outside the Microsoft pavilion on the opening day of the World Mobile Congress at the Fira Gran Via Complex on February 22, 2016 in Barcelona, Spain.
A logo sits illuminated outside the Microsoft pavilion on the opening day of the World Mobile Congress at the Fira Gran Via Complex on February 22, 2016 in Barcelona, Spain. David Ramos via Getty Images

Microsoft is investigating claims by an alleged hacktivist group that it launched a series of DDoS attacks that disrupted the company’s OneDrive and other Microsoft 365 services. 

The company suffered a series of outages this week that impacted a range of services, including Microsoft Teams, SharePoint Online and OneDrive for Business. The OneDrive disruption was still impacting customers as of Thursday. 

The group, known as Anonymous Sudan, has claimed credit for the alleged DDoS attacks and made additional threats against the company. Microsoft officials acknowledged the public claims and are working to fully restore services. 

“We are aware of these claims and are investigating,” a Microsoft spokesperson said via email. “We are taking the necessary steps to protect customers and ensure the stability of our services.”

Researchers at Truesec confirmed that Anonymous Sudan has claimed credit for the alleged attacks, according to CEO Tomas Sjöström. The firm has been closely monitoring the activities of the group. 

According to research published earlier this year, Anonymous Sudan has publicly identified itself as a politically motivated hacktivist. However, the actor has been connected to an alleged Russia-backed information operation. 

Truesec, in a blog post from February, linked the group to attacks against Sweden during that country’s attempt to gain NATO membership. 

Mattias Wahlen, a threat intelligence expert at Truesec, said the group has evolved from hactivism to extortion attacks. The group tried to blackmail Microsoft, threatening to launch DDoS attacks against the company, Wahlen said. The group also tried to previously extort Scandinavian airliner SAS.

“This is clearly just cybercrime, rather than online activism,” Wahlen said via email.

Researchers at Trustwave linked Anonymous Sudan to attacks against various organizations linked to Germany, the Netherlands and Australia. Some research has linked the actor to the hacktivist group Killnet, which has supported Russia since the outbreak of war in Ukraine.

It is unclear what the specific motivation would be to attack Microsoft. The attacks have been highly disruptive to the company’s core business users. Not only have Microsoft 365 services been impacted, but Outlook desktop users reported being unable to access services earlier in the week.

Filed Under: Cyberattacks, Threats

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell