On a Monday morning, thousands of American users were left unable to access Microsoft Outlook, a popular information management platform, due to a targeted cyber attack. The attack was claimed by Anonymous Sudan, a pro-Russian hacktivist group known for its previous campaigns against high-profile targets. This incident marked the group’s latest effort in its ongoing campaign to target US companies and infrastructure.
Around 10 AM ET, Anonymous Sudan began sharing images of their alleged handiwork on their encrypted Telegram channel. Simultaneously, Outlook users took to Twitter to report issues with loading the Microsoft 365 platform. Downdetector, a monitoring site, recorded approximately 15,000 users experiencing difficulties with the Microsoft service.
Frustrated users turned to social media to express their concerns, with one user asking Outlook directly about the issue. Microsoft responded with a standard message acknowledging the technical difficulties and assuring users that the appropriate teams were working to resolve the problem. Meanwhile, the outage, lasting for about an hour and a half, aligned closely with the timing of Anonymous Sudan claims.
In a lengthy message, Anonymous Sudan took responsibility for “downing Outlook” for an hour and then prolonging the attack for an additional half-hour, claiming they were satisfied with the disruption caused. The group asserted its control over Microsoft’s services, emphasizing its ability to decide when to shut them down. They placed blame on the US government for its perceived interference in Sudanese affairs and warned that any US company could become their target.
To provide context for their followers, Anonymous Sudan specifically mentioned US Secretary of State Antony Blinken, connecting the attack to his recent visit to Saudi Arabia where discussions on handling the crisis in Sudan took place. The group further cited economic sanctions imposed by the US on Sudanese entities as justification for their actions.
This attack on Microsoft Outlook followed Anonymous Sudan’s previous targeting of the ride-sharing company Lyft and various regional hospitals. The group’s cyber campaign has gained attention since its emergence in January, marked by distributed denial-of-service (DDoS) attacks on prominent figures such as Israel’s Prime Minister Benjamin Netanyahu and intelligence agency Mossad. SAS Airlines has also been a repeated target of their attacks, including a two-week-long ongoing campaign demanding an escalating ransom, currently set at $10 million.
Anonymous Sudan’s activities have not been limited to individual campaigns but have involved collaborations with other pro-Russian hacker groups like KillNet and UserSec. The group’s threats to re-attack Microsoft later in the day indicated their determination to disrupt US companies and infrastructure further.
Microsoft Outlook, the third-most-popular email client globally with approximately 400 million active users, has faced multiple outages since the beginning of 2023. However, Microsoft has not commented specifically on Anonymous Sudan reports, leaving the cyber community and users concerned about the potential for future attacks.
The incident serves as a reminder of the ever-present threat posed by hacktivist groups, highlighting the importance of robust cybersecurity measures to protect against such attacks.