Microsoft has said more about the cyberattack that recently hit its Outlook and OneDrive services. In particular, we learn that it was a rather rudimentary distributed denial-of-service (DDoS) attack and that it may have had a geopolitical motive.
Anonymous Sudan is the name of the hacker group that claimed responsibility earlier in June for an attack on several Microsoft online services, including Outlook and OneDrive. The attack notably impaired access to these platforms for a few hours. Rather discreet on the issue at first, Microsoft is now speaking publicly about the attack and giving more details on the hackers' modus operandi. In a press release shared on June 16, the company confirms, among other things, that it was the target of a series of distributed denial-of-service attacks and adds that some of its services were indeed “temporarily impacted by this action.”
The firm also specifies that this series of attacks was mainly intended to generate “publicity” for a threat actor it tracks internally as “Storm-1359”. As Engadget points out, this name was not chosen by chance: Microsoft often uses the word “Storm” in this context to designate hacker groups whose affiliation it has not yet definitively established.
Should users be worried?
Microsoft nevertheless wants to be reassuring. “We found no evidence that customer data was accessed or compromised,” the company explains. However, it is not known how many users may have been affected by the attack led by Anonymous Sudan, which could also have been global. According to Microsoft, the hacker group likely relied on a combination of virtual private servers and rented cloud infrastructure to carry out its operations. What remains to be determined is the affiliation of the Anonymous Sudan group.
According to the specialized site Bleeping Computer, this group began operating in early 2023, initially targeting countries accused of interference in Sudanese politics or of promoting policies deemed anti-Muslim. Some security researchers believe, however, that all this is really just a cover, and that Anonymous Sudan is in fact a front for Killnet, another hacker group, this one affiliated with the Kremlin and therefore with the regime of Vladimir Putin.
This lead tends to be confirmed by the fact that Anonymous Sudan announced that it wanted to set up a “Parliament of the Darknet” with Killnet, but also with REvil, another pro-Russian group, Engadget reports. This three-way alliance also threatened to attack the SWIFT interbank system, from which Russia was cut off in early 2022 in response to its invasion of Ukraine.