Outlook.com, part of Microsoft 365, is suffering from ongoing distributed denial of service (DDoS) cyberattacks over the past couple of days, with hacktivists known as Anonymous Sudan claiming responsibility. The outages are affecting Outlook.com users globally, preventing users from accessing, reading, or sending emails on either Outlook.com or the mobile Outlook app.
Microsoft confirmed the outage as a “technical difficulty” on Monday, June 5 2023 at noon Eastern, according to a Twitter response.
Anonymous Sudan claims responsibility for Outlook.com Outage
However, the user-reported downtime tweets and Microsoft’s acknowledgment all coincide with Anonymous Sudan’s proclamation that they were responsible for launching the DDoS attacks.
“❗️Microsoft, the fate of your services is under our hands, we decide when to shut it down and when to leave it open,” Anonymous Sudan said.
The group specifically calls out the United States government and U.S. Secretary of State Antony Blinken in the attack. Blinken visited Saudi Arabia last week to discuss ways to assist the ongoing crisis in Sudan.
“We can target any US company we want. Americans, do not blame us, blame your government for thinking about intervening in Sudanese internal affairs. We will continue to target large US companies, government and infrastructure,” Anonymous Sudan proclaimed.
Microsoft was asked for further comment by major cybersecurity blogs such as BleepingComputer, but as of this posting, have not officially commented.
DDoS cyber attacks: A nuisance but not much more
DDoS attacks are largely used for disrupting the availability of services and applications that are hosted in the cloud, such as Microsoft 365. They usually do not result in any loss of data or compromise of credentials.
Some cybersecurity experts may argue that DDoS cyber attacks don’t even constitute a “hack” or “cyber attack” in the broadest definition of the terms. However, DDoS attacks do deny legitimate user access to applications and services by flooding servers with automated, robotic requests that overwhelm capacity and result in downtime to the service or application.
Groups such as the Russian-affiliated cyber gang KillNet launched multiple DDoS attacks against many targets in the last year alone. Most notably, the group targeted U.S. airport websites in October 2022. The airport websites were mostly back online within a day.
The potential for greater damage exists when DDoS attacks can be used as either a diversion or tactic to confuse or deny a target’s availability to service while conducting other cyber offensive operations. Russian nation-state actors aligned with the Kremlin have chained DDoS cyber attacks against Ukraine while performing other cyber espionage activities, for example.
