Microsoft has officially confirmed that a series of distributed denial-of-service (DDoS) attacks on its services earlier this month were orchestrated by a group called Anonymous Sudan. In a blog post, Microsoft acknowledged that the attacks temporarily disrupted access to Outlook, OneDrive, and several other online services. The company revealed that the attacks primarily aimed to generate publicity for a threat actor named Storm-1359, a designation Microsoft uses for groups whose affiliation it has yet to definitively establish.
Although Microsoft initially provided limited information about the incident, it now confirms that no customer data was accessed or compromised. The company believes Storm-1359 likely employed a combination of virtual private servers and rented cloud infrastructure to carry out the attacks. The full extent of the impact and the number of affected Microsoft customers remain unclear.
Anonymous Sudan, which emerged at the beginning of 2023, claimed to target countries involved in Sudanese politics and promoting anti-Muslim policies. However, cybersecurity researchers suspect that the group may be linked to the Kremlin-affiliated Killnet gang, suggesting that the Sudanese reference is a false flag intended to mislead observers. This suspicion gained further traction when Anonymous Sudan announced the formation of a “Darknet Parliament” in collaboration with Killnet and REvil, another pro-Russian gang. As their first target, the alliance threatened to attack SWIFT, the international interbanking system from which the US and EU had disconnected Russia in response to its invasion of Ukraine in early 2022.
Microsoft’s confirmation of Anonymous Sudan’s responsibility highlights the ongoing challenges posed by cyberthreats and the importance of maintaining robust cybersecurity measures. As investigations into the incident continue, Microsoft and other entities will likely enhance their defenses to mitigate the risk of future attacks and protect user data.