Microsoft is refuting allegations made by the hacktivist group Anonymous Sudan that it managed to breach the company’s systems and steal credentials from around 30 million customer accounts. In a statement to BleepingComputer, a company spokesperson said, “We have seen no evidence that our customer data has been accessed or compromised.”
Anonymous Sudan, a hacktivist group associated with pro-Russian factions like Killnet and known for its disruptive distributed denial-of-service (DDoS) attacks on Western entities, declared that it had “successfully hacked Microsoft” and gained access to a vast database of Microsoft accounts, including emails and passwords. The group offered to sell this information for $50,000, encouraging potential buyers to get in touch via its Telegram bot to discuss data purchases.
This claim followed a series of DDoS attacks on Microsoft’s servers last month, which caused service disruptions and outages across multiple platforms, including Azure, Outlook, and OneDrive. Microsoft did attribute those disruptions to Anonymous Sudan. However, the tech giant is categorically denying this latest claim of a data breach.
The Telegram post by Anonymous Sudan also contained what was said to be a sample of the stolen data, a supposed validation of their successful breach. But the origin of the 100 credential pairs they provided remained unverified, leaving it unclear whether this data was old, resulted from a breach at a third-party service provider, or was indeed stolen from Microsoft’s systems.
Microsoft maintains that the claim isn’t credible. “At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data,” a company representative explained. It is unclear, however, whether the investigation into these allegations is ongoing or complete. Microsoft has not publicly reacted to the potential release of the data.
A Backdrop of Disruptions and DDoS Attacks
Just last month, Microsoft experienced significant outages across its Azure, Outlook, and OneDrive web portals, which the company later confirmed were caused by Layer 7 DDoS attacks. The company identified the threat actor responsible for these attacks as Storm-1359, better known as Anonymous Sudan. These attacks, which occurred in early June, targeted different Microsoft services across several days.
The group Anonymous Sudan originated in January 2023, pledging to target any countries opposing Sudan. The hacktivist group has since targeted various organizations and government agencies globally, either disabling their operations with DDoS attacks or leaking stolen data.
In June, the group shifted its focus to Microsoft, launching DDoS attacks on the company’s web-accessible portals and demanding a ransom of $1 million to halt the attacks. Anonymous Sudan described its actions as a protest against US involvement in Sudanese politics. However, some cybersecurity researchers suggest that the group might be a false flag operation linked to Russia.
As Microsoft continues to deny the claims of the data breach, the cybersecurity community waits with bated breath to see how this high-stakes drama between a tech giant and a notorious hacktivist group unfolds. The recent attacks have shown that Anonymous Sudan has significant resources at their disposal, and this serves as a reminder for organizations and individuals alike to stay vigilant and proactive in matters of cybersecurity.