Microsoft OneDrive went down after a spate of DDoS attacks

Concept art representing cybersecurity principles
Nytt DDoS-rekord (Image credit: Shutterstock / ZinetroN)

This Thursday, Microsoft’s cloud services were targets of a Distributed Denial of Service (DDoS) attack, which managed to bring OneDrive down for some users. 

As reports started coming in of users being unable to open their OneDrives and getting the “This page isn’t working right now” message, a threat actor going by “Anonymous Sudan” took responsibility for the attack. 

Microsoft acknowledged the attack quickly and deployed mitigation measures. It said on its service health status page:

"We're investigating a potential issue and checking for impact to your organization. We'll provide an update within 30 minutes," the company said. "We're reviewing OneDrive telemetry that captures this impact scenario to determine the source of the service access failures and begin identifying a mitigation plan."

Russian and Iranian threat actors

While Anonymous Sudan’s motives are unknown, the threat actor seems to be linked to Russia, BleepingComputer reports. The same threat actor was engaged in “anti-Israel activity” on Jerusalem Day, Israel’s 780th Military Intelligence Brigade tweeted last month, arguing that the group could be affiliated with Iran, as well.

Anonymous Sudan actor seems to have targeted other Microsoft services with DDoS attacks earlier this week, as well.

"Microsoft, you think we forgot you? We are motivated to teach you liars a very good lesson in honesty that none of your parents ever taught you," Anonymous Sudan allegedly said on Telegram. "Onedrive has been downed. Let's see your new excuse now."

Previously, the hackers targeted Outlook, SharePoint Online, and OneDrive for Business, it was said.

In the meantime, Microsoft mitigated the attacks and confirmed that just was affected. 

"The impacted browser URL is Access to the OneDrive service using the desktop client, a synchronization client or Office clients are not impacted," Microsoft said. "We're continuing to analyze monitoring telemetry and performing load-balancing processes to provide relief."

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.