This Thursday, Microsoft’s cloud services were targets of a Distributed Denial of Service (DDoS) attack, which managed to bring OneDrive down for some users.
As reports started coming in of users being unable to open their OneDrives and getting the “This page isn’t working right now” message, a threat actor going by “Anonymous Sudan” took responsibility for the attack.
Microsoft acknowledged the attack quickly and deployed mitigation measures. It said on its service health status page:
“We’re investigating a potential issue and checking for impact to your organization. We’ll provide an update within 30 minutes,” the company said. “We’re reviewing OneDrive telemetry that captures this impact scenario to determine the source of the service access failures and begin identifying a mitigation plan.”
Russian and Iranian threat actors
While Anonymous Sudan’s motives are unknown, the threat actor seems to be linked to Russia, BleepingComputer reports. The same threat actor was engaged in “anti-Israel activity” on Jerusalem Day, Israel’s 780th Military Intelligence Brigade tweeted last month, arguing that the group could be affiliated with Iran, as well.
Anonymous Sudan actor seems to have targeted other Microsoft services with DDoS attacks earlier this week, as well.
“Microsoft, you think we forgot you? We are motivated to teach you liars a very good lesson in honesty that none of your parents ever taught you,” Anonymous Sudan allegedly said on Telegram. “Onedrive has been downed. Let’s see your new excuse now.”
Previously, the hackers targeted Outlook, SharePoint Online, and OneDrive for Business, it was said.
In the meantime, Microsoft mitigated the attacks and confirmed that just onedrive.live.com was affected.
“The impacted browser URL is onedrive.live.com. Access to the OneDrive service using the desktop client, a synchronization client or Office clients are not impacted,” Microsoft said. “We’re continuing to analyze monitoring telemetry and performing load-balancing processes to provide relief.”