Posted on July 4, 2023 at 9:19 AM
Microsoft Denies Reports That Anonymous Sudan Breached The Company Servers
Tech giant Microsoft has denied reports that the Anonymous Sudan hacktivist group breached the company. The group had claimed that it infiltrated the company's servers and stole details belonging to 30 million customers.
Microsoft denies data breach and theft of customer data
The Anonymous Sudan hacker group is known for distributed denial-of-service (DDoS) attacks. A wide range of attacks targeting Western entities over recent months has been attributed to the group.
This hacktivist group has previously claimed that it was affiliated with pro-Russian hacktivist groups such as KillNet. The KillNet hacker group has been behind a wide range of DDoS campaigns targeting the Western allies of Ukraine.
Microsoft has previously been targeted by the Anonymous Sudan hacker group. Last month, the tech company announced that Anonymous Sudan was behind service disruptions and outages that affected its servers at the start of June. The DDoS campaign at the time affected several Microsoft services like Azure, OneDrive, and Outlook.
The Anonymous Sudan hacker group has now claimed that it was behind more than just a DDoS campaign on Microsoft. The group claimed that it had successfully breached Microsoft.
According to the group, the breach it conducted against Microsoft allowed it to access a vast database that contained over 30 million accounts, emails, and passwords belonging to customers.
The group has said that it will sell the stolen database to interested parties, with the price set at $50,000. The group has also urged those interested in buying this data to get in touch through its Telegram bot. The group would then agree on the terms of the purchase.
The post promoting the sale also included a sample of the data, allegedly stolen from Microsoft, offered as proof that the breach had indeed happened. The group also said that Microsoft would deny any claims of this data being stolen.
The hacker group offered 100 credential pairs, but the origin of these pairs could not be verified. The credential pairs included old data that resulted from an attack on a third-party service provider. The data was also allegedly stolen from Microsoft systems.
According to BleepingComputer, a spokesperson from Microsoft has denied claims that this breach happened and that data belonging to the company was stolen. The spokesperson noted that the claims being made by the hacktivist group were illegitimate.
“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data,” the spokesperson said. “We have seen no evidence that our customer data has been accessed or compromised.”
It remains unclear whether Microsoft's investigations are complete or still ongoing. The company's reaction to the potential public release of the data is still undetermined. The response will help determine whether these claims are accurate or false.
Microsoft confirms DDoS attack on Azure
As mentioned above, the Anonymous Sudan hacker group conducted a DDoS campaign against the Microsoft Azure service. The tech giant said that the outages on the Azure, Outlook, and OneDrive web portals were caused by Layer 7 DDoS attacks that targeted the company's servers.
The attacks were attributed to a group that Microsoft tracks as Storm-1359, also known as Anonymous Sudan. The outages on these Microsoft services started at the beginning of June. The web portal for Outlook.com was targeted in an attack on June 7.
The attacks on OneDrive happened on June 8, while the attack on the Microsoft Azure Portal started on June 9. Microsoft did not confirm at the time that the outages were being caused by DDoS attacks.
Around a week after the attacks happened, Microsoft released a statement hinting that DDoS attacks were behind them. The company also said that the increase in network traffic led to the outages. The heavy traffic also impaired the sites' ability to manage traffic, resulting in issues for customers who wanted to access the sites.
The Microsoft Security Response Center published a post saying that the outages were caused by a Layer 7 DDoS campaign against its services. The company said that the issue had only temporarily affected availability. It also said that it had launched an investigation to track the DDoS activity of this threat actor group.