Microsoft immediately launched an investigation and subsequently began tracking the threat actor’s ongoing DDoS campaign, which Microsoft is tracking as AStorm-1359
UPDATE – Mon 19 Jun 23 10:33am
San Francisco: Microsoft announced that a distributed denial of service (DDoS) attack was the cause of the service outage earlier this month.
“Beginning in early June, Microsoft observed a traffic spike for certain services that temporarily impacted availability. Microsoft quickly launched an investigation and subsequently began tracking the threat actor’s ongoing DDoS campaign, which Microsoft has tracked as AStorm-1359,” the company said in a statement. stated in a blog post.
“These attacks may rely on access to multiple virtual private servers (VPS) as well as leased cloud infrastructure, open proxies and DDoS tools.”
However, there is no evidence that consumer data was accessed or compromised.
The target of this DDoS campaign is not Layer 3 or 4, but Layer 7.
To better protect customers from such DDoS attacks, Microsoft has enhanced Layer 7 protections, including tweaking the Azure Web Application Firewall (WAF).
While most outages can be effectively mitigated with the help of these tools and techniques, the tech giant is constantly evaluating the performance of its enhancements and incorporating learnings to improve and refine them.
“Microsoft assesses that Storm-1359 has access to a range of botnets and tools that may enable threat actors to launch DDoS attacks from multiple cloud services and open proxy infrastructure. Storm-1359 appears to be focused on disruption and propaganda ,” the company said.
