Thousands of Microsoft OneDrive users were left unable to access their files and documents on Thursday due to an outage of the popular cloud storage service. The cause of the outage was later attributed to an alleged cyber attack by the known Anonymous Sudan hacker group, just days after the group claimed to have hacked into Microsoft, holding the data of 30 million users. Falcon Feed, a threat intelligence service, shared screenshots of the Telegram posts by the hacker collective, where they mocked the tech giant and threatened to teach them a “very good lesson” in honesty. As of writing, OneDrive had been restored, and users were able to access their accounts and documents.
The Cyber Express reached out to Microsoft for a statement on the incident. The software company provided an update on their service health status page, acknowledging the glitch and assuring users that they were investigating the issue. According to tech42.co.kr, more than 18,000 users were affected by the OneDrive outage, along with other Microsoft 365 products, including Word, Excel, and Outlook.
The hacktivist group Anonymous Sudan quickly claimed responsibility for the cyber attack on Microsoft OneDrive. On Telegram, the group boasted about causing the outage and hinted at having carried out distributed denial-of-service (DDoS) attacks against other Microsoft services earlier in the week. In response, Microsoft said in a statement that it was investigating the matter and taking necessary steps to protect its customers and ensure service stability.
The severity of the attack became more apparent as users experienced difficulties accessing OneDrive through web browsers. The disruption persisted, leading Microsoft to analyze monitoring telemetry and implement load-balancing processes to fix the OneDrive outage. In an update, the company clarified that access to OneDrive through desktop clients, synchronization clients, and Office applications remained unaffected. “The impacted browser URL is onedrive.live.com. Access to the OneDrive service using the desktop client, a synchronization client, or Office clients are not impacted,” Microsoft said in a media statement.
Contrary to its name, Anonymous Sudan is not associated with the Sudan administration or the country’s cause. Instead, there are indications that it may have connections to Russia’s Killnet hacking group. Anonymous Sudan has been directing its attacks towards Israel and India, two countries that have recently maintained friendly relations with Russia. This makes it challenging to discern the true intentions and patterns behind the threat group’s actions. Although the group initially launched DDoS attacks on firms in Sweden, the Netherlands, Australia, and Germany, citing retaliation for anti-Muslim activities, further investigation has uncovered undisclosed connections.
Trustwave SpiderLabs researchers have revealed that Anonymous Sudan is likely a sub-group of Killnet, a threat actor group aligned with pro-Russian interests, with whom they have openly associated. The Cyber Express advises users to remain vigilant and aware of potential cyber attacks, especially with the increased use of cloud storage services and working from home. It is essential to follow best practices for securing devices and networks and be mindful of suspicious activities or requests.