Microsoft said the attacks used access to multiple virtual private servers (VPS) in combination with rented cloud infrastructure, proxies, and distributed denial of service (DDoS) attack tools. Storm-#### (formerly DEV-####) is the temporary designation that the Windows maker assigns to unknown, emerging, or growing groups whose identities or affiliations are not yet clearly established.
While there is no evidence that any customer data was accessed without authorization, Microsoft said the attacks temporarily affected the availability of some services. The Redmond-based company said it observed additional groups launching Layer 7 DDoS attacks from multiple cloud services and open proxy infrastructure.
Layer 7 DDoS targets the application rather than the network link, and Microsoft described three techniques being used: HTTP(S) flood attacks, which swamp targeted services with a large number of HTTP(S) requests; cache bypass, in which requests are crafted so that they miss the CDN layer and must be served by the origin servers; and Slowloris.
The Microsoft Security Response Center (MSRC) said these DDoS attacks originate from clients opening connections to web servers, requesting resources (e.g. images) but either not acknowledging the download or being slow to accept it, forcing the server to keep the connection open and the requested resource in memory.
Anonymous Sudan Claims Responsibility for DDoS Attack on Microsoft Services
As a result, Microsoft 365 services like Outlook, Teams, SharePoint Online, and OneDrive for Business went down earlier this month, after the company detected anomalous request rates. Traffic analysis showed that the volume of HTTP requests bypassed existing automated safeguards and triggered a "service unavailable" response.
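Both signatures described in this article, the Slowloris-style slow reader (a connection held open for a long time while the client accepts almost none of the resource it requested) and the anomalous per-client request rate that triggered Microsoft's safeguards, can be spotted in web-server connection logs. The following is an added example written for this article; it is not Microsoft's tooling and is not derived from the attackers' tools. The log format, the sample traffic and the thresholds (30 seconds held, under 200 bytes/s, more than 50 requests per 10-second window) are all assumptions chosen for illustration.

```python
from __future__ import annotations
from collections import defaultdict, deque
from typing import NamedTuple


class Conn(NamedTuple):
    """One completed HTTP connection (constructed log record for this example)."""
    ts: float        # time the request arrived (epoch seconds)
    ip: str          # client address
    path: str        # requested resource
    duration: float  # how long the server had to hold the connection (seconds)
    sent: int        # bytes the client actually accepted
    size: int        # bytes of the resource it asked for


def parse_log(text: str) -> list[Conn]:
    """Parse the whitespace-separated constructed format; skip blank and comment lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, path, dur, sent, size = line.split()
        records.append(Conn(float(ts), ip, path, float(dur), int(sent), int(size)))
    return records


def slow_readers(conns: list[Conn], min_hold: float = 30.0, max_bps: float = 200.0) -> dict[str, int]:
    """Slowloris / slow-read signature: the client requested a resource, the server
    kept the connection (and the resource) around for a long time, and the
    achieved throughput is far below what any real download would reach.
    Returns ip -> number of such connections."""
    hits: dict[str, int] = defaultdict(int)
    for c in conns:
        if c.duration >= min_hold and c.sent < c.size and c.sent / c.duration < max_bps:
            hits[c.ip] += 1
    return dict(hits)


def rate_anomalies(conns: list[Conn], window: float = 10.0, max_requests: int = 50) -> dict[str, int]:
    """HTTP flood signature: more than max_requests from one client inside any
    sliding window of `window` seconds. Returns ip -> peak count seen in a window."""
    by_ip: dict[str, list[float]] = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        by_ip[c.ip].append(c.ts)
    peaks = {}
    for ip, times in by_ip.items():
        q: deque[float] = deque()
        peak = 0
        for t in times:
            q.append(t)
            while q and t - q[0] > window:   # drop timestamps that fell out of the window
                q.popleft()
            peak = max(peak, len(q))
        if peak > max_requests:
            peaks[ip] = peak
    return peaks


# Constructed sample traffic: one benign client, one slow reader, one flooder.
SAMPLE_LOG = """
# ts          ip            path              dur    sent    size
1686000000.0  198.51.100.4  /index.html       0.20   10240   10240
1686000001.0  198.51.100.4  /img/banner.png   0.90   204800  204800
1686000002.0  203.0.113.7   /img/banner.png   120.0  512     204800
1686000003.0  203.0.113.7   /img/logo.png     118.5  256     102400
1686000004.0  203.0.113.7   /img/hero.jpg     125.0  1024    512000
"""
# 80 tiny requests from one address spread over 4 seconds.
FLOOD_LOG = "\n".join(
    f"{1686000010 + i * 0.05:.2f} 192.0.2.10 /search?q={i} 0.05 2048 2048"
    for i in range(80)
)
ALL_LOG = SAMPLE_LOG + FLOOD_LOG


def analyze(text: str) -> dict[str, dict[str, int]]:
    """Run both detectors over a log and return their findings by signature."""
    conns = parse_log(text)
    return {"slow_readers": slow_readers(conns), "rate_anomalies": rate_anomalies(conns)}


if __name__ == "__main__":
    for name, result in analyze(ALL_LOG).items():
        print(f"{name}: {result}")
```

The two detectors deliberately key on different things: the slow-read check looks at per-connection duration and throughput, so a single client holding a handful of connections is caught even though its request rate is tiny, while the rate check ignores connection size entirely and only counts arrivals per source. In practice both need to be tuned against a baseline of legitimate traffic (large downloads over slow links, or busy NAT gateways, will trip naive thresholds), and the sources would then be fed into the rate-limiting or blocking layer in front of the origin.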
The hacker group Anonymous Sudan has claimed responsibility for the attacks, but Microsoft has not linked Storm-1359 to the group. Anonymous Sudan has launched DDoS attacks against organizations in Sweden, the Netherlands, Australia, and Germany since the beginning of the year.
Analysts at Trustwave said the group has openly linked itself to Russia’s KillNet, which often uses a defense of Islam narrative as the reason behind its attacks. KillNet has also drawn attention for its DDoS attacks against healthcare organizations hosted on Microsoft Azure, which increased to nearly 60 daily attacks in February 2023.
Anonymous Sudan has teamed up with KillNet and REvil to form the “DARKNET parliament” and orchestrate cyberattacks on financial institutions in Europe and the United States with the primary mission of crippling SWIFT. Flashpoint’s profile suggests KillNet’s motives are primarily financial, using Russian support to promote its DDoS-for-hire services.