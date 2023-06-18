

Update (06/18/2023) – DJ

Anyone who uses Microsoft services will have noticed that last Monday (12) OneDrive and other services were unstable or offline for a few hours because of a DDoS attack against the Redmond giant. Some days after the incident, the company went public to explain what happened, which can help other companies prevent similar actions. According to Microsoft, the attack took almost 15 hours to mitigate and was carried out using multiple VPS (Virtual Private Servers), proxies and rented cloud infrastructure, together with DDoS tools, but with no access to or compromise of user data.

Also according to the company, the attack focused on layer 7 rather than layers 3 or 4, which led Microsoft to review and reinforce its protection with firewall adjustments to guard against similar attacks. In the company's words: "This recent DDoS activity has targeted layer 7 instead of layer 3 or 4. Microsoft has strengthened layer 7 protections, including tuning the WAF (Azure Web Application Firewall) to better protect customers from the impact of similar DDoS attacks."

Technically speaking, Microsoft also revealed deeper details about the attack, identifying the threat actor as Storm-1359 and pointing to tools that include HTTP(S) flood attacks with millions of requests from around the world, cache bypass (sending requests past the CDN layer so that they hit the origin server directly) and the Slowloris tool, which keeps connections open to exhaust server memory. Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that may allow the threat actor to launch DDoS attacks from various cloud services and open proxy infrastructures. Storm-1359 appears to be focused on disruption and publicity.
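As an added illustration (not code from the article or from Microsoft), the script below runs a defender's triage over constructed web access-log lines and flags the two log-visible patterns described above: a high per-client request rate and cache bypass via an ever-changing query string on one path. Slowloris holds connections open without completing requests, so it leaves no access-log trace and is not covered here; thresholds and the sample IPs are assumptions.

```python
"""Layer-7 flood triage over access logs (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 10.0.0.9 hits one cacheable path 40 times in 40 seconds with a
# different query string each time (defeats CDN caching); 203.0.113.5 is a normal visitor.
SAMPLE_LOG = "\n".join(
    [f'10.0.0.9 - - [12/Jun/2023:14:00:{i:02d} +0000] "GET /index.html?r={i * 7919} HTTP/1.1" 200'
     for i in range(40)]
    + ['203.0.113.5 - - [12/Jun/2023:14:00:05 +0000] "GET /index.html HTTP/1.1" 200',
       '203.0.113.5 - - [12/Jun/2023:14:00:09 +0000] "GET /about.html HTTP/1.1" 200']
)

def parse(line):
    """Return (ip, timestamp, path, query) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("url").partition("?")
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), path, query

def flag_floods(log_text, window_s=60, max_requests=30, min_unique_ratio=0.8, min_hits=10):
    """Map each suspicious client IP to the list of reasons it was flagged."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, log_text.splitlines())):
        by_ip[rec[0]].append(rec)
    flagged = defaultdict(list)
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[1])
        # Sliding window: peak number of requests from this client within window_s.
        peak, lo = 0, 0
        for hi in range(len(recs)):
            while (recs[hi][1] - recs[lo][1]).total_seconds() > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > max_requests:
            flagged[ip].append(f"{peak} requests in {window_s}s")
        # Cache-bypass heuristic: many hits on one path, almost every query string distinct.
        hits, queries = defaultdict(int), defaultdict(set)
        for _, _, path, query in recs:
            hits[path] += 1
            queries[path].add(query)
        for path, n in hits.items():
            if n >= min_hits and len(queries[path]) / n >= min_unique_ratio:
                flagged[ip].append(f"cache-busting query strings on {path}")
    return dict(flagged)
```

Such output is a starting point for a WAF rate-limit or block rule, not a verdict on its own: shared NAT egress or a busy legitimate crawler can trip the rate check, so review the flagged clients before blocking.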

In the same document, Microsoft also offers implementation suggestions for users of its Azure cloud computing service; the full document is available on the company's official blog.

original publication

Microsoft OneDrive Down for Several Hours After DDoS Attack from Hacker Group

Microsoft has confirmed that it suffered a targeted attack on the servers of OneDrive, its cloud storage service. The malicious actors carried out a distributed denial of service (DDoS) attack that took the platform offline and prevented access for its users last week. The attack appears to have been carried out by a group of hackers known as Anonymous Sudan, which has also been linked to other intrusions into Microsoft services. OneDrive went offline on Monday night (05), but the company mitigated the problem and the platform returned to normal in the early hours of Wednesday (07).

Distributed Denial of Service (DDoS) attacks consist of sending so many requests to a web server that they exceed its response capacity and make its service temporarily unavailable on the network. In some cases, criminals demand payment to disable malware. While Microsoft has yet to reveal details about the DDoS attack targeting OneDrive, responsibility for the incident has been claimed by Anonymous Sudan, a hacking group that experts believe is linked to Russia. Members of the criminal organization released a message in their public group on Telegram.

"Microsoft, do you think we forgot about you?" said the criminals. "We are motivated to teach you liars a great lesson in honesty that none of your parents ever taught you. OneDrive is down, let's see your new excuse now."

The latest incident follows multiple outages of Microsoft's web services. Earlier this month, Outlook and SharePoint Online also went down for unknown reasons, and the theory now is that Anonymous Sudan could be behind those instabilities as well. In a note, Microsoft told the site Bleeping Computer that it is investigating the case and taking measures to protect customers and ensure the stability of its services. There were no reports or indications that users lost data due to the attack.