{"id":2526,"date":"2023-07-03T06:17:19","date_gmt":"2023-07-03T13:17:19","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=2526"},"modified":"2023-09-27T13:18:25","modified_gmt":"2023-09-27T20:18:25","slug":"the-group-responsible-for-recent-microsoft-onedrive-and-365-outages","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/the-group-responsible-for-recent-microsoft-onedrive-and-365-outages\/","title":{"rendered":"The group responsible for recent Microsoft OneDrive and 365&nbsp;outages"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_Microsoft.png\" alt=\"\" class=\"wp-image-2327\"\/><\/figure>\n\n\n\n<p>A few weeks ago, Microsoft\u2019s OneDrive and 365 services, such as Microsoft Teams and SharePoint, <a href=\"https:\/\/twitter.com\/MSFT365Status\/status\/1665744417783775232?\">experienced outages<\/a> due to a series of distributed denial-of-service (DDoS) attacks. According to <a href=\"https:\/\/www.cybersecuritydive.com\/news\/microsoft-threat-actor-claims-outages\/652607\/\">Cybersecurity Dive<\/a>, a hacktivist group called Anonymous Sudan claimed they were behind the attack and made even more threats against the tech giant.&nbsp;<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>A Microsoft spokesperson has said they are aware of these claims and are investigating further. Meanwhile, <a href=\"https:\/\/www.ssls.com\/blog\/mozilla-study-finds-data-privacy-labels-for-top-android-apps-misleading\/\">security<\/a> experts are doing some investigations of their own.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Anonymous Sudan?<\/h2>\n\n\n\n<p>Also known as Storm-1359, Anonymous Sudan claims to be an African-based hacktivist group launching cyberattacks on behalf of oppressed Muslims around the world. 
They say their attack against Microsoft was retaliation for US policy around Sudan\u2019s military conflict.<br><\/p>\n\n\n\n<p>Although Anonymous Sudan has claimed to be a politically motivated hacktivist group, experts believe that their track record shows otherwise. These days, their main focus seems to be extortion. Before Microsoft, they also targeted Swedish airline SAS and companies in Israel. Mattias W\u00e5hl\u00e9n, a threat intelligence expert at Truesec, told Cybersecurity Dive that this behavior is \u201cclearly just cybercrime, rather than online activism.\u201d&nbsp;<br><\/p>\n\n\n\n<p>Furthermore, experts also believe that the group has ties to Russia rather than Africa. Truesec <a href=\"https:\/\/www.truesec.com\/hub\/blog\/what-is-anonymous-sudan\">published a report<\/a> back in February highlighting this, focusing on the group\u2019s attempts to complicate Sweden&#8217;s NATO application. Their attacks also tend to coincide with increased hostilities in countries aligned against Russia.<br><\/p>\n\n\n\n<p>Beyond extortion, another key goal for the group is presenting Russia as a true haven for Muslims over the West. Mattias W\u00e5hl\u00e9n <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2023-06-28\/anonymous-sudan-does-group-behind-microsoft-cyberattack-have-ties-to-russia#xj4y7vzkg\">told Bloomberg<\/a>:&nbsp;<br><\/p>\n\n\n\n<p>\u201cAnonymous Sudan is a Russian information operation that aims to use its Islamic credentials to be an advocate for closer cooperation between Russia and the Islamic world \u2013 always claiming that Russia is the Muslims\u2019 friend. This makes them a useful proxy.\u201d<br><\/p>\n\n\n\n<p>Bloomberg News contacted Anonymous Sudan about these claims, which they deny. 
A representative said they were not acting on Russia\u2019s behalf, but their goals just so happened to align and that \u201call countries that are hostile to Islam are hostile to Russia.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">More about the Microsoft cyberattack<\/h2>\n\n\n\n<p>Several weeks later, Microsoft <a href=\"https:\/\/msrc.microsoft.com\/blog\/2023\/06\/microsoft-response-to-layer-7-distributed-denial-of-service-ddos-attacks\/\">posted a response<\/a> to the cyberattack, focusing on the technical aspect rather than the political. Like other Anonymous Sudan attacks, these attacks targeted layer 7 (the application layer) of Microsoft\u2019s server infrastructure, which receives input from users who are served content in response. Serving these requests can be computationally draining, which makes this layer an appealing target. Microsoft says the attacks likely relied on access to multiple virtual private servers, as well as rented cloud infrastructure, open proxies, and DDoS tools.&nbsp;<br><\/p>\n\n\n\n<p>Following the attacks, Microsoft hardened its layer 7 protections, which included tuning its Azure Web Application Firewall (WAF) to better handle similar DDoS attacks in the future. Microsoft recommends that its customers use similar layer 7 protection services to <a href=\"https:\/\/www.ssls.com\/blog\/whatsapp-finally-launching-end-to-end-encryption-for-backups\/\">protect<\/a> their web applications.\u00a0<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few weeks ago, Microsoft\u2019s OneDrive and 365 services, such as Microsoft Teams and SharePoint, experienced outages due to a series of distributed denial-of-service (DDoS) attacks. 
According to Cybersecurity Dive, a hacktivist group called Anonymous Sudan claimed they were behind the attack and made even more threats against the tech giant.&nbsp;<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2526","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=2526"}],"version-history":[{"count":4,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2526\/revisions"}],"predecessor-version":[{"id":2668,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2526\/revisions\/2668"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=2526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=2526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=2526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}