Cyber Incident Victim: Microsoft

On June 5, 2023 Outlook.com experienced two major outages that disrupted global access to email and the mobile Outlook app. The service continued to suffer additional outages on June 6, 2023, with users worldwide reporting inability to reliably access or send email. Users took to Twitter to complain about spotty email service affecting their productivity. The disruptions were described as widespread and impacted Outlook.com and related Microsoft 365 services.

Microsoft attributed the outages to a technical issue and posted a series of updates on Twitter alternating between claiming mitigation and noting the problem recurring. In one tweet Microsoft said, "We've identified that the impact has started again, and we're applying further mitigation." Telemetry indicated a reduction in impact relative to earlier iterations due to previously applied mitigations, and further details about the workstreams were available in the admin center via reference MO572252.

Anonymous Sudan claimed responsibility for the outages, stating they were conducting DDoS attacks on Microsoft Outlook to protest US involvement in Sudanese internal affairs. The group posted on Telegram that they could target any US company and warned Americans not to blame them but their government for considering intervention in Sudan. They taunted Microsoft with messages such as "Microsoft, today we played football with your services. Let's play a fun game. The fate of your services, which is used by hundreds of millions of people everyday, is under our dominion and choice." and demanded a payment of one million USD to teach Microsoft's cyber‑security experts how to repel the attack and stop it. The group shared check‑host.net URLs indicating they were targeting https://outlook.live.com/mail/0/, the main Outlook.com web address, while Microsoft and BleepingComputer noted the claims remained unverified despite the observed sluggishness and repeated outages over the past 24 hours.