Microsoft: Azure Portal Outage Was Caused by Traffic "Spike"

Cyber Security Threat Summary:
Microsoft revealed in an update to the Azure status page that the preliminary root cause behind an outage that impacted the Azure Portal worldwide on Friday was what it described as a traffic "spike." Customers who wanted to access the Azure Portal on Friday afternoon at portal.azure[.]com reported connection issues and saw a warning saying, "Our services aren't available right now. We're working to restore all services as soon as possible. Please check back soon." The connectivity issues also impacted other Microsoft websites, according to Redmond's update on the Azure status page, including the Entra Admin center at entra.microsoft[.]com and Intune at intune.microsoft[.]com.

"We identified a spike in network traffic which impacted the ability to manage traffic to these sites and resulted in the issues for customers to access these sites," the company said when describing the preliminary root cause behind the incident. "We engaged in different workstreams applying load balancing processes in addition to the auto-recovery operations in place in order to mitigate the issue. Additionally, we are continuing to monitor the platform health" (BleepingComputer, 2023).

Microsoft is expected to publish a preliminary post-incident review by the end of the day with additional information regarding the Azure Portal incident.

Security Officer Comments:
While Microsoft didn't provide details on what was causing the Azure Portal connectivity issues, a threat actor known as Anonymous Sudan claimed to have conducted a DDoS attack, which correlates with the "spike" in network traffic seen by Microsoft. The same hacktivist group has previously claimed to be targeting U.S. companies to protest the United States' interference in Sudanese internal affairs. Nevertheless, some believe the threat actor behind these attacks might be linked to Russia. Last week, Anonymous Sudan also claimed other DDoS attacks on Microsoft web portals for Outlook[.]com and OneDrive, which were also hit by outages. The Outlook[.]com outage started Monday evening and was addressed in the early hours of Wednesday. Redmond later disclosed that it also impacted other Microsoft services and features, including Outlook, SharePoint Online, and OneDrive for Business. "We are aware of these claims and are investigating," Microsoft told BleepingComputer when asked to comment on Anonymous Sudan's claims. "We are taking the necessary steps to protect customers and ensure the stability of our services."

Suggested Correction(s):
Microsoft has not confirmed that these outages were caused by DDoS attacks. However, they shared the following statement with BleepingComputer, suggesting that the issues extend beyond a mere technical problem.

"We are aware of these claims and are currently investigating. Microsoft is taking necessary measures to safeguard customers and ensure the stability of our services."

Link(s):
https://www.bleepingcomputer.com/