Microsoft has confirmed disruption to its Microsoft 365 apps earlier this month due to DDoS attack.
Microsoft published the details of the DDoS attack, which was carried out by a threat actor it refers to as Storm-1359. The group who claimed responsibility for the attack calls itself Anonymous Sudan.
The attack against Microsoft’s services started on June 5, and impacted Outlook on the web first. Access to OneDrive was also impacted. Microsoft said the attacks most likely relied on “multiple virtual private servers in conjunction with rented cloud infrastructure, open proxies, and DDoS tools” and focused on Layer 7, which is the application layer of the internet.
Beyond that, no in-depth detail was given, but Microsoft did confirm that no customer data was accessed of compromised.
It also took the opportunity to recommend using Azure Web Application Firewall (WAF) if organizations want to protect themselves from similar Layer 7 attacks.