In early June, complaints began surfacing on Twitter that Outlook was down for as many as 18,000 users at the height of what turned out to be a Distributed Denial-of-Service (DDoS) attack, according to a story in The Associated Press (AP) this morning. Microsoft acknowledged the attack in a blog post on Friday with some technical details and recommendations to protect against such attacks in the future.
The AP article said a spokeswoman (presumably for Microsoft, although it is not explicitly clear in the article) confirmed that the group behind the attack is Anonymous Sudan, a group that has been active since at least January, according to an article in Cyber News, which reported on the attack on the day it occurred. According to that article, the group claimed the attack lasted about an hour and a half before it stopped.
According to Jake Williams, a former National Security Agency offensive hacker quoted in the AP story, there’s “no way to measure the impact if Microsoft doesn’t provide that information,” and he was not aware of Outlook having been hit this hard before.
In 2021, Microsoft mitigated what was then one of the largest DDoS attacks ever, lasting more than 10 minutes with a peak traffic of 2.4 terabits per second (Tbps). In 2022, an attack reached 3.47 Tbps. It is not clear how large the traffic disruptions were in the June attack.
The DDoS activity, Microsoft says in its blog post, targeted OSI layer 7, the layer of a network where applications access network services. This is where your apps, such as email, call for their data. Microsoft believes the attackers, which it calls Storm-1359, used botnets and tools to launch their attacks “from multiple cloud services and open proxy infrastructures,” and that the activity appeared to be aimed at disruption and publicity.
We’ve reached out to Microsoft for comment and will update here if we receive a response.