Microsoft says these attacks use access to multiple virtual private servers (VPS) in combination with rented cloud infrastructure, open proxies, and distributed denial-of-service (DDoS) attack tools. Storm-#### (formerly DEV-####) is a temporary designation that Microsoft assigns to unidentified, emerging, or developing groups whose identity or affiliation has not yet been clearly established.
While there was no evidence that any customer data was accessed illegally, Microsoft said the attacks temporarily affected the availability of some services. The Redmond-based company said it had further observed the group launching Layer 7 DDoS attacks from multiple cloud services and open proxy infrastructures.
These Layer 7 attacks flood the target services with a large volume of HTTP(S) requests; the attacker also attempts to bypass the CDN caching layer so that requests reach the origin servers, and overloads those servers with a connection-exhaustion technique known as Slowloris.
Microsoft's Security Response Center (MSRC) stated that these DDoS attacks originate from clients that open connections to web servers and request resources (e.g., images) but then fail to acknowledge the download or accept it only very slowly, forcing the server to keep the connection open and hold the requested resource in memory.
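A detection sketch for the slow-read behaviour described above, added here as an example and not code from Microsoft or the article: each connection record (a constructed sample, with fields a load balancer or web server would normally expose) is checked for a long-open connection with a large pending response and very low read throughput, and a client holding many such connections is flagged. Thresholds and field names are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    client: str          # client address
    open_seconds: float  # how long the connection has been open
    response_bytes: int  # size of the resource the server is trying to send
    bytes_read: int      # bytes the client has actually accepted so far


# Assumed thresholds; tune to the service's normal client behaviour.
SLOW_READ_SECONDS = 30      # connection must be at least this old
SLOW_READ_BPS = 1024        # client reads slower than this many bytes/sec
SUSPECT_CONN_COUNT = 20     # slow-read connections per client before flagging


def is_slow_read(c: Conn) -> bool:
    """A connection held open while the client barely drains the response."""
    if c.open_seconds < SLOW_READ_SECONDS:
        return False
    pending = c.response_bytes - c.bytes_read
    if pending <= 0:           # response fully delivered: a slow but honest client
        return False
    return c.bytes_read / c.open_seconds < SLOW_READ_BPS


def suspect_clients(conns: list[Conn]) -> dict[str, int]:
    """Map client -> number of slow-read connections, for clients over threshold."""
    counts: dict[str, int] = defaultdict(int)
    for c in conns:
        if is_slow_read(c):
            counts[c.client] += 1
    return {ip: n for ip, n in counts.items() if n >= SUSPECT_CONN_COUNT}


# Constructed sample: one client holding 40 stalled 2 MB downloads,
# one normal client with quick complete fetches, one slow but complete fetch.
SAMPLE = (
    [Conn("203.0.113.7", 95.0, 2_000_000, 4_096) for _ in range(40)]
    + [Conn("198.51.100.3", 1.2, 150_000, 150_000) for _ in range(5)]
    + [Conn("198.51.100.9", 45.0, 900_000, 900_000)]
)

if __name__ == "__main__":
    print(suspect_clients(SAMPLE))  # {'203.0.113.7': 40}
```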
Anonymous Sudan claims responsibility for the DDoS attack on Microsoft services.
As a result, Microsoft 365 services such as Outlook, Teams, SharePoint Online, and OneDrive for Business experienced outages in early May; the company stated that it detected an anomaly in the form of a surge in request rates. Traffic analysis revealed that a large number of HTTP requests bypassed the existing automatic safeguards and triggered service-unavailable responses.
The hacker group Anonymous Sudan claimed responsibility for the attacks, but Microsoft did not link Storm-1359 to them. Anonymous Sudan had previously launched DDoS attacks against organizations in Sweden, the Netherlands, Australia, and Germany since the beginning of the year.
Analysts at Trustwave said the group openly associates itself with Russia's KillNet, which often uses the narrative of protecting Islam as a justification for its attacks. KillNet also gained attention for DDoS attacks targeting healthcare organizations hosted on Microsoft Azure, which saw nearly 60 attacks a day in February 2023.
Anonymous Sudan collaborated with KillNet and REvil to form the "DARKNET parliament" and orchestrated cyberattacks on financial institutions in Europe and the US, with the primary objective of paralyzing SWIFT operations. Flashpoint's records indicate KillNet's motives were primarily financial, using Russian support to promote its rented DDoS services.