Earlier this month, Microsoft 365 experienced a widespread outage affecting numerous users, as reported by outage tracking website Downdetector. The company’s official Twitter account, Microsoft 365 Status, acknowledged the outage on June 5 and later confirmed that the situation was under control. However, Microsoft continued to investigate the cause of the disruption and has now revealed that the outages were the result of a Distributed Denial-of-Service (DDoS) attack.
In a blog post, Microsoft stated, “Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.” A DDoS attack is a malicious cyberattack aimed at overwhelming a server, service, or network by flooding it with excessive internet traffic.
The company said the attacks likely relied on multiple virtual private servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools. A group called Anonymous Sudan claimed responsibility for the attacks on its Telegram social media channel. Microsoft did not disclose the extent of the impact or the number of affected customers, but said there was no evidence of customer data being accessed or compromised.
According to Microsoft, the DDoS activity primarily targeted layer 7 (the application layer) rather than layer 3 or 4 (the network and transport layers). In response, the company reinforced its layer 7 protections and tuned the Azure Web Application Firewall (WAF) to better defend against similar DDoS attacks in the future.
Numerous users reported issues with their Outlook desktop client during the attack. Both Windows and macOS users experienced difficulties sending emails and accessing the service.