
Microsoft was recently the victim of a massive DDoS (distributed denial-of-service) attack that led to large-scale outages across Microsoft 365 services like Outlook, Teams, and OneDrive. After resolving the issues and looking more closely into the matter, the company explained that the attackers targeted Layer 7 (L7), the application layer of the OSI model, though it assured that no customer data was compromised:

Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.

These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

We have seen no evidence that customer data has been accessed or compromised.

This recent DDoS activity targeted layer 7 rather than layer 3 or 4.

Fast forward a couple of weeks, and Microsoft 365 services were once again affected today, though thankfully, the problem was resolved within a few hours. The details of the issue could be tracked under ID MO597504 in the Microsoft 365 admin center.

According to the official Microsoft 365 status Twitter handle, the issue was only affecting users in Western Europe.

Some further investigation helped the company determine what seemed to be the root cause of the issue, which was a data center in Germany that was not performing optimally. As such, the tech giant applied the necessary mitigations by reducing the load on the affected data center.

We will update the article if for some reason the issue returns.
