Microsoft OneDrive outage left thousands of users unable to access their files and documents. The popular cloud storage service, Microsoft OneDrive, experienced an outage on Thursday, attributed to an alleged cyber attack carried out by the notorious Anonymous Sudan hacker group.
The OneDrive outage comes days after Anonymous Sudan claimed to have hacked Microsoft, allegedly holding the data of 30 million users.
In a tweet, threat intelligence service Falcon Feed shared screenshots of the Telegram posts by the hacker collective, where they mocked the tech giant and threatened to teach them a “very good lesson” in honesty.
At the time of writing, OneDrive had been restored, and users were able to access their accounts and documents.
The Cyber Express reached out to Microsoft for a statement regarding the alleged cyber attack. However, no official response has been received.
Microsoft releases update on the OneDrive outage
Microsoft did, however, provide an update on the service health status page, acknowledging the glitch and assuring users that they were actively investigating the issue.
It was revealed that more than 18,000 users had been affected by the OneDrive outage, as well as other Microsoft 365 products such as Word, Excel, and Outlook, reported tech42.co.kr.
The hacktivist group Anonymous Sudan quickly claimed responsibility for the cyber attack on Microsoft OneDrive.
In a post on Telegram, the group boasted about causing the outage. It hinted at carrying out distributed denial-of-service (DDoS) attacks against other Microsoft services earlier in the week.
Microsoft, aware of these claims, issued a statement confirming that they were investigating the matter and taking necessary steps to protect their customers and ensure service stability.
Microsoft’s mitigation efforts: Analyzing telemetry and load-balancing
The severity of the attack became more apparent as users experienced difficulties accessing OneDrive through web browsers.
The disruption persisted, leading Microsoft to analyze monitoring telemetry and implement load-balancing processes to fix OneDrive outage.
In an update, Microsoft clarified that access to OneDrive through desktop clients, synchronization clients, and Office applications remained unaffected.
“The impacted browser URL is onedrive.live.com. Access to the OneDrive service using the desktop client, a synchronization client or Office clients are not impacted,”, Microsoft said in a media statement.
The hacktivist group’s boldness was evident in a message on their dark web forum directed at Microsoft.
The message read, “Microsoft, you think we forgot you? We are motivated to teach you, liars, a very good lesson in honesty that none of your parents ever taught you. OneDrive has been shut down. Let’s see your new excuse now.”
Anonymous Sudan and geopolitical cyber attacks
Contrary to its name, Anonymous Sudan is not associated with the Sudan administration or the country’s cause, The Cyber Express reported earlier. Instead, there are indications that it may have connections to Russia’s Killnet hacking group.
Anonymous Sudan has been directing its attacks towards Israel and India, two countries that have recently maintained friendly relations with Russia. This makes it challenging to discern the true intentions and patterns behind the threat group’s actions.
While initially launching DDoS attacks on firms in Sweden, the Netherlands, Australia, and Germany, citing retaliation for anti-Muslim activities, further investigation has uncovered undisclosed connections.
Trustwave SpiderLabs researchers have revealed that Anonymous Sudan is likely a sub-group of Killnet, a threat actor group aligned with pro-Russian interests, with whom they have openly associated..
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.