This Thursday, Microsoft’s cloud services became the target of a Distributed Denial of Service (DDoS) attack, which was successful A ride unavailable for some users.
When reports came in that users couldn’t open their OneDrives and received the message “This page is currently not working”, a threat actor called Anonymous Sudan claimed responsibility for the attack.
Microsoft quickly recognized the attack and took countermeasures. The service health status page stated:
“We’re investigating a potential issue and seeing if it impacts your business. We will provide an update within 30 minutes,” the company said. “We are reviewing OneDrive telemetry capturing this impact scenario to determine the root cause of the service access failures and begin developing a remediation plan.”
Russian and Iranian threat actors
While Anonymous Sudan’s motives are unknown, the threat actor appears to be linked to Russia, BleepingComputer reports. The same threat actor was engaged in “anti-Israel activity” on Jerusalem Day, Israel’s 780th Military Intelligence Brigade tweeted last month, arguing that the group could also be linked to Iran.
The anonymous Sudanese actor appears to have also targeted other Microsoft services with DDoS attacks earlier this week.
“Microsoft, do you think we forgot you? We are motivated to teach you liars a very good lesson in honesty that none of your parents ever taught you,” Anonymous Sudan reportedly said on Telegram. “Onedrive has shut down. Now let’s look at your new excuse.”
The hackers had previously targeted Outlook, SharePoint Online and OneDrive for Business, it said.
Meanwhile, Microsoft has mitigated the attacks and confirmed that only onedrive.live.com was affected.
“The affected browser URL is onedrive.live.com. Access to the OneDrive service via the desktop client, a sync client, or Office clients is not affected,” Microsoft said. “We continue to analyze monitoring telemetry and perform load balancing processes to remedy the situation.”
Above: bleeding computer
