Earlier this month, Microsoft noticed excessive traffic coming in through their services like OneDrive. They launched an investigation into the matter and identified a DDoS attack by a threat actor which they named Storm-1359. Storm is a general identifier that security experts at Microsoft use to refer to anonymous threat actors.
Later it was disclosed that the attack was launched by a hacker group by the name of Anonymous Sudan. According to a blog post by Microsoft, ‘These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.’
DDoS stands for distributed denial of service. These attacks are mounted by sending excessive amounts of fake traffic to a target server. The goal is to exhaust the servers’ computing capacity so that the services are not available to legitimate users. In this case, the hackers used HTTP(S) flood, cache bypass and Slowloris attacks to paralyze the systems.
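As an added illustration (not taken from Microsoft's post or from this article), the sketch below shows how a defender might flag two of the attack types named above in web access records: an HTTP flood appears as a burst of requests from one client, and cache bypass as one client requesting the same path with a different query string every time. The thresholds, the documentation-range IP addresses and the sample records are constructed assumptions; Slowloris is left out because it shows up in connection state rather than in completed-request logs.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def build_sample():
    """Constructed records (client_ip, unix_second, request_target); not real traffic."""
    rows = []
    # Ordinary client: a handful of requests to a cacheable URL.
    for t in range(0, 10, 3):
        rows.append(("198.51.100.7", t, "/index.html"))
    # Flood-like client: 40 identical requests within two seconds.
    for i in range(40):
        rows.append(("203.0.113.5", i % 2, "/login"))
    # Cache-bypass-like client: same path, a new query string on every request.
    for i in range(15):
        rows.append(("203.0.113.9", i, f"/img/logo.png?r={i * 7919}"))
    return rows


def analyze(records, window=10, flood_threshold=20, min_requests=10, bypass_ratio=0.9):
    """Return {ip: {labels}} for clients whose pattern matches a layer 7 flood.

    All thresholds are illustrative assumptions; tune them against real baselines.
    """
    per_window = defaultdict(int)               # (ip, window index) -> request count
    per_path = defaultdict(lambda: [0, set()])  # (ip, path) -> [count, distinct queries]
    for ip, ts, target in records:
        per_window[(ip, ts // window)] += 1
        parts = urlsplit(target)
        entry = per_path[(ip, parts.path)]
        entry[0] += 1
        if parts.query:
            entry[1].add(parts.query)

    findings = defaultdict(set)
    # HTTP flood: too many requests from one client inside one time window.
    for (ip, _), count in per_window.items():
        if count > flood_threshold:
            findings[ip].add("http-flood")
    # Cache bypass: nearly every request to a path carries a never-repeated query,
    # so a CDN or cache cannot answer it and the origin has to.
    for (ip, _), (count, queries) in per_path.items():
        if count >= min_requests and len(queries) / count >= bypass_ratio:
            findings[ip].add("cache-bypass")
    return dict(findings)


if __name__ == "__main__":
    print(analyze(build_sample()))
```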
Anonymous Sudan has been active since the beginning of this year. The group is supposedly campaigning against countries that meddle in Sudanese politics and promote anti-Islam policies. But security experts claim that the Sudanese connection is a facade and that it is actually a pro-Russian group. This claim is further strengthened by the fact that the group recently announced the formation of a “Darknet parliament” with REvil, Killnet, and other Russian gangs, whose first order of business is targeting SWIFT, an interbanking system that cut off Russia after its invasion of Ukraine in 2022.
Microsoft said, “We have seen no evidence that customer data has been accessed or compromised.” Nevertheless, the tech giant has shared advice for users on protecting their online resources. It has also strengthened protection against layer 7 DDoS attacks to avoid future interference.