Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359.
“These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools,” the tech giant said in a post on Friday.
Storm-#### (previously DEV-####) is a temporary designation the Windows maker assigns to unknown, emerging, or developing groups whose identity or affiliation hasn’t been definitively established yet.
While there is no evidence that any customer data was accessed or compromised, the company noted the attacks “temporarily impacted availability” of some services. Redmond said it further observed the threat actor launching layer 7 DDoS attacks from multiple cloud services and open proxy infrastructures.
This includes HTTP(S) flood attacks, which bombard the target services with a high volume of HTTP(S) requests; cache bypass, in which the attacker attempts to bypass the CDN layer and overload the origin servers; and a technique known as Slowloris.
“This attack is where the client opens a connection to a web server, requests a resource (e.g., an image), and then fails to acknowledge the download (or accepts it slowly),” the Microsoft Security Response Center (MSRC) said. “This forces the web server to keep the connection open and the requested resource in memory.”
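As an added illustration (not code from Microsoft or the original article), the Python example below shows how a defender might flag the three layer 7 patterns described above in web access records. The record layout, the thresholds, and the sample data are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not real traffic). Assumed layout:
# (client, epoch_second, url, cache_status, duration_s, bytes_sent)
SAMPLE = (
    # Six requests from one client inside the same second.
    [("198.51.100.7", 10, "/index.html", "HIT", 0.05, 5000)] * 6
    # Same path, a new query string each time, every request a cache miss.
    + [("203.0.113.9", 100 + i, f"/img/logo.png?r={i}", "MISS", 0.2, 8000)
       for i in range(4)]
    # One connection held open for two minutes at about 20 bytes/s.
    + [("192.0.2.44", 200, "/img/banner.jpg", "HIT", 120.0, 2400),
       # Ordinary request, should not be flagged.
       ("192.0.2.80", 300, "/", "HIT", 0.1, 3000)]
)

# Assumed thresholds sized for the sample; tune against baseline traffic.
FLOOD_REQS_PER_SEC = 5
BYPASS_UNIQUE_QUERIES = 4
SLOW_MIN_DURATION_S = 30
SLOW_MAX_BYTES_PER_S = 100


def classify(records):
    """Return {client: [pattern, ...]} for clients matching a pattern."""
    per_second = defaultdict(int)   # (client, second) -> request count
    miss_queries = defaultdict(set) # (client, path) -> query strings that missed cache
    findings = defaultdict(set)
    for client, second, url, cache, duration, sent in records:
        parts = urlsplit(url)
        per_second[(client, second)] += 1
        # Cache bypass: varying query strings force the CDN to hit the origin.
        if cache == "MISS" and parts.query:
            miss_queries[(client, parts.path)].add(parts.query)
        # Slow transfer: connection stays open while very little data moves.
        if duration >= SLOW_MIN_DURATION_S and sent / duration <= SLOW_MAX_BYTES_PER_S:
            findings[client].add("slow-connection")
    for (client, _), count in per_second.items():
        if count >= FLOOD_REQS_PER_SEC:
            findings[client].add("http-flood")
    for (client, _), seen in miss_queries.items():
        if len(seen) >= BYPASS_UNIQUE_QUERIES:
            findings[client].add("cache-bypass")
    return {client: sorted(tags) for client, tags in findings.items()}


if __name__ == "__main__":
    for client, tags in classify(SAMPLE).items():
        print(client, tags)
```
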