Microsoft Azure outage caused by "huge spike" that could have been a DDoS attack


Microsoft has attributed the recent connectivity issues on its Azure Portal to a “traffic spike”, but a cybercrime group has also claimed responsibility for causing the outage.

In an update posted to the Azure status page, the company explained that the spike “impacted the ability to manage traffic to these sites”, resulting in customers not being able to use the service properly.

Users looking to access Azure cloud services were met with a “We’re working to restore all services as soon as possible” message. Besides the Azure Portal, several other Microsoft services were also affected, including the Entra Admin center and Intune.

Distributed denial of service

“We engaged in different workstreams applying load balancing processes in addition to the auto-recovery operations in place in order to mitigate the issue. Additionally, we are continuing to monitor the platform health,” Microsoft said.

Soon after the incident, a threat actor going by the name Anonymous Sudan claimed responsibility for the outage, saying that it engaged in a distributed denial of service (DDoS) attack. In a DDoS attack, a target endpoint is flooded with bogus traffic, rendering the server unable to process legitimate requests. For the users, the service they’re trying to access appears as if it’s offline. One might describe a DDoS attack as a traffic spike.

A few days prior to this attack, the company's OneDrive cloud storage platform was also hit with a DDoS attack, with the same threat actor assuming responsibility. 

"Microsoft, you think we forgot you? We are motivated to teach you liars a very good lesson in honesty that none of your parents ever taught you," Anonymous Sudan allegedly said on Telegram. "Onedrive has been downed. Let's see your new excuse now."

Some media are claiming the group is affiliated with Russia, and possibly even Iran. The hackers were allegedly engaged in “anti-Israel activity” on Jerusalem Day.

Via: BleepingComputer

Sead Fadilpašić
