[German]Microsoft has been struggling with outages in its cloud services (Exchange Online, Outlook.com) for days. As of June 9, 2023, the services of Microsoft Azure (probably worldwide) were disrupted. May be technical in nature – but rumor persists that attackers may be partly responsible. A cyber group Anonymous Sudan claims to attack Microsoft and be responsible for the disruptions.
The problems with Microsoft's cloud services have been going on all this week. On June 5, 2023, in the blog post Exchange Online down for hours (June 5, 2023), I had reported about a disruption of Exchange Online that also affected Outlook. It was also mentioned there that the hacktivist group Anonymous Sudan claimed an attack on Microsoft's cloud infrastructure (via DDoS). On June 8, 2023, in the blog post Outlook.com and OneDrive down – consequence of cyberattacks? (June 8, 2023), I reported on the next disruption.
Next outage: Azure portan on June 9th
Tero Alhonen pointed out a couple of hours ago a malfunction of the Azure portal in the following tweet, but writes that the status page does not show anything about a malfunction. Attached to the tweet, however, is a message from Microsoft that they are investigating a problem with the Azure Portal.
The night I then noticed at colleagues that Microsoft Azure has been temporarily on strike on June 9, 2023. The following tweet points to this article. There you can see a screenshot of the Azure portal, where a corresponding disruption message was displayed – below the text in question:
"Azure Portal – Errors accessing the Azure Portal – Applying Mitigation
Impact Statement: Starting at approximately 15:00 UTC on 9 Jun 2023, Azure customers may experience error notifications when trying to access the Azure Portal (portal.azure.com).
Current Status: We have determined a potential root cause and are actively engaged in different workstreams applying load balancing processes in order to mitigate the issue. The next update will be provided within 60 minutes or as events warrant.
This message was last updated at 16:35 UTC on 09 June 2023"
German blog reader Andreas P. has send me yesterday evening the following snipped from the Azure administrator portal via mail.
Share: Incident: MO579186, impacted service: Microsoft 365 suite, impacted feature: Portal, current status is: Service degradation
Published Time: 09.06.2023 18:55:11
Title: Users may be unable to access Windows 365, Windows Autopatch, or Microsoft Intune
User impact: Users may be unable to access Windows 365, Windows Autopatch, or Microsoft Intune.
Current status: We're reviewing service telemetry to determine the source of impact.
Scope of impact: This issue may potentially impact any user attempting to access the Microsoft Intune, Windows 365, or Windows Autopatch services.
Next update by: Friday, June 9, 2023, at 6:30 PM UTC
So there was definitely something going on with Microsoft's cloud services. What immediately strikes me is that the management solution Microsoft Intune, the cloud operating system Windows 365 and also the Windows Autopatch service, which Microsoft only recently released, were affected. Brave new world, when the cloud coughs, users of these services are left in the cold.
What's going on there?
What I find strange: Microsoft writes that they are evaluating the telemetry to find the reason for the problems. What's also odd is that the disruptions have been happening all week – and I had mentioned the hacktivists from Anonymous Sudan in my earlier posts, claiming to be attacking Microsoft and being responsible for the disruptions. Coinciding with the Azure portal outage, the group posted the following (Bleeping Computer have publsihed a screenshot).
On the web page given in the screenshot above, timeouts or error 503 are reported for many countries when trying to reach the Microsoft Azure cloud.
In my previous posts, mentioned and linked above, I had written that I have not heard anything through my channels so far that points in the direction of a hacking attack on Microsoft Azure. But Microsoft has told Bleeping Computer that they are aware of the reports and are investigating this scenario as well. Currently, from my point of view, it is impossible to say whether Anonymous Sudan is just a freeloader or an actor. However, the incidents do raise the question of whether the cloud and the dependencies that come with it are really such a wise choice for companies. Were any of you affected? How serious were the impairments?
Cookies helps to fund this blog: Cookie settings