uTalk

thrive

Member

Registered: 2023-01-04

Posts: 2,018

Microsoft blames Azure, Outlook, & OneDrive outages on big DDoS attack

Microsoft said on Friday that an unclassified cluster it monitors by the name Storm-1359 was to blame for a series of service outages earlier this month that affected Azure, Outlook, and OneDrive.

The tech giant wrote in a post on Friday that the attacks "likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.".

The Windows manufacturer gives unidentified, emerging, or developing groups whose identity or affiliation haven't been conclusively established yet the temporary moniker Storm.

The company stated the attacks "temporarily impacted availability" of some services, despite the fact that there is no proof that any customer data was accessed or compromised. Redmond claimed to have seen the threat actor launch layer 7 DDoS attacks from various open proxy infrastructures and cloud services.

This includes Slowloris attacks, CDN bypass attacks, and HTTP(S) flood attacks, which overload the origin servers by flooding them with HTTP(S) requests.

"In this attack, the client connects to a web server, requests a resource (such as a file), and then closes the connection.
g.
, an image), and then refuses to acknowledge the download (or accepts it slowly)," according to the Microsoft Security Response Center (MSRC). By doing this, the web server is compelled to maintain the connection open and the requested resource in memory. ".

At the beginning of the month, Microsoft 365 services including Outlook, Teams, SharePoint Online, and OneDrive for Business went down. The company later reported that it had discovered an "anomaly with increased request rates.". ".

"Traffic analysis revealed an anomalous spike in HTTP requests being issued against Azure portal origins, bypassing existing automatic preventive measures," it said. This resulted in the service unavailable response.

The "murky upstart" is primarily focused on disruption and publicity, according to Microsoft's further description. The attacks were carried out, according to the hacktivist collective Anonymous Sudan. Nevertheless, it's important to note that the company hasn't made a clear connection between Storm-1359 and Anonymous Sudan.

Anonym Sudan: Who is He?
Since the beginning of the year, DDoS attacks by Anonymous Sudan against Swedish, Dutch, Australian, and German organizations have caused a stir in the threat landscape.

The adversary is most likely an offshoot of the pro-Russian threat actor group KillNet, which first gained notoriety during the Russian-Ukrainian conflict last year, according to an analysis from Trustwave SpiderLabs in late March 2023.

"It has publicly allied itself with the Russian group KillNet, but for reasons only its operators know, prefers to use the story of defending Islam as the reason behind its attacks," Trustwave said.

In addition, KillNet has come under fire for its DDoS attacks on healthcare organizations running on Microsoft Azure, which increased from 10 to 20 attacks per day in November 2022 to 40 to 60 attacks per day in February 2023.

The Kremlin-connected group, which first surfaced in October 2021, has also founded a "private military hacking company" called Black Skills in an effort to give its cyber mercenary activities a professional air.

Given its cooperation with KillNet and REvil to create a "DARKNET parliament" and plan cyberattacks against European and U.S. targets, Anonymous Sudan's connections to Russia have also come to light.
S.
institutions of finance. A message published on June 14, 2023 stated that "Task Number One is to Paralyze the Work of SWIFT.".

Despite its nationalistic agenda, KillNet has been primarily motivated by financial goals, using the eager support of the Russian pro-Kremlin media ecosystem to promote its DDoS-for-hire services, according to a profile of the adversary published by Flashpoint last week.

In order to target darknet markets that specialize in selling drugs, KillNet has also teamed up with a number of botnet providers and the Deanon Club, a partner threat group with which KillNet co-created Infinity Forum. ".