Microsoft says June Outlook outages were a DDoS attack
In early June, complaints began cropping up on Twitter that Outlook was down for as many as 18,000 users at the peak of what, it turns out, was a Distributed Denial-of-Service (DDoS) attack, according to a story in The Associated Press (AP) this morning. Microsoft acknowledged the attack in a blog post on Friday, offering some technical details and recommendations for guarding against such attacks in the future.
The AP article said a spokeswoman (presumably for Microsoft, though it’s not explicitly clear in the article) confirmed the group to be Anonymous Sudan, a group that has been active since at least January, says an article in Cybernews, which reported on the attack the day it happened. Per that article, the group claimed its attack lasted about an hour and a half before it stopped.
According to a former National Security Agency offensive hacker named Jake Williams quoted in the AP story, there is “no way to measure the impact if Microsoft doesn’t provide that info,” and he wasn’t aware of Outlook having been hit this hard before.
In 2021, Microsoft mitigated what was then one of the largest DDoS attacks ever recorded, which lasted more than 10 minutes with traffic peaking at 2.4 terabits per second (Tbps). In 2022, an attack reached 3.47Tbps. It’s not clear how large traffic bursts were in the June attack.
The DDoS activity, Microsoft says in its blog post, targeted OSI layer 7 — that is, the layer of a network where applications access network services. It’s where your apps, like email, call out for their data. Microsoft believes the attackers, which it calls Storm-1359, used botnets and tools to launch its attacks “from multiple cloud services and open proxy infrastructures,” and that it appeared to be focused on disruption and publicity.
We’ve reached out to Microsoft for comment, and will update here if we receive a response.
In early June, complaints began cropping up on Twitter that Outlook was down for as many as 18,000 users at the peak of what, it turns out, was a Distributed Denial-of-Service (DDoS) attack, according to a story in The Associated Press (AP) this morning. Microsoft acknowledged the attack in a…
Recent Posts
- Jack Dorsey says he’s no longer on Bluesky’s board
- 4 movies new to Hulu with over 90% on Rotten Tomatoes
- A US supercomputer with 8,000 Intel Xeon CPUs and 300TB of RAM is being auctioned — 160th most powerful computer in the world has some maintenance issues though and will cost thousands per day to run
- Tesla plans to charge some Model Y owners to unlock more range
- ChromeOS adopts a new default font – and surprisingly, I don’t hate it
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011