Microsoft is investigating claims by an alleged hacktivist group that it launched a series of DDoS attacks that disrupted the company’s OneDrive and other Microsoft 365 services.
The company suffered a series of outages this week that impacted a range of services, including Microsoft Teams, SharePoint Online and OneDrive for Business. The OneDrive disruption was still impacting customers as of Thursday.
The group, known as Anonymous Sudan, has claimed credit for the alleged DDoS attacks and made additional threats against the company. Microsoft officials acknowledged the public claims and are working to fully restore services.
“We are aware of these claims and are investigating,” a Microsoft spokesperson said via email. “We are taking the necessary steps to protect customers and ensure the stability of our services.”
Researchers at Truesec confirmed that Anonymous Sudan has claimed credit for the alleged attacks, according to CEO Tomas Sjöström. The firm has been closely monitoring the activities of the group.
According to research published earlier this year, Anonymous Sudan has publicly identified itself as a politically motivated hacktivist. However, the actor has been connected to an alleged Russia-backed information operation.
Truesec, in a blog post from February, linked the group to attacks against Sweden during that country’s attempt to gain NATO membership.
Mattias Wahlen, a threat intelligence expert at Truesec, said the group has evolved from hacktivism to extortion attacks. The group tried to blackmail Microsoft, threatening to launch DDoS attacks against the company, Wahlen said. The group also previously tried to extort Scandinavian airline SAS.
“This is clearly just cybercrime, rather than online activism,” Wahlen said via email.
Researchers at Trustwave linked Anonymous Sudan to attacks against various organizations linked to Germany, the Netherlands and Australia. Some research has linked the actor to the hacktivist group Killnet, which has supported Russia since the outbreak of war in Ukraine.
It is unclear what the specific motivation would be to attack Microsoft. The attacks have been highly disruptive to the company’s core business users. Not only have Microsoft 365 services been impacted, but Outlook desktop users reported being unable to access services earlier in the week.