Cyber Incident Victim: Microsoft
Date: Jul 2023
Location: United States of America
Summary
Microsoft experienced an outage caused by a distributed denial-of-service attack that triggered its DDoS protection mechanisms, but a misconfiguration in those defenses amplified the impact instead of mitigating it. The disruption affected its Azure cloud platform and related services such as Teams and Xbox Live, leading to reported issues for thousands of users and downstream problems for organizations like NatWest and Oxford United Football Club. The company later applied network configuration changes to restore normal operation and said it would publish a detailed incident review.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, an outage knocked several Microsoft applications offline, and the company identified the disruption as the result of an attempted cyber attack. The initial problems on its Azure cloud platform were triggered by a distributed denial-of-service (DDoS) attack in which threat actors flooded the platform with traffic. The attack activated Microsoft’s DDoS protection mechanisms, but the protections initially amplified the impact rather than mitigating it, so the company’s efforts to stop the attack inadvertently worsened the situation. To address the issue, Microsoft implemented network configuration changes that eventually relieved the pressure and restored normal operation. The company later stated that its internal review found an error in the rollout of its own defences, which had contributed to the amplification of the attack. Microsoft indicated that it would publish a detailed incident review within seventy-two hours to provide further insight into the sequence of events.

The outage led to widespread user reports of difficulty accessing Microsoft services, with monitoring site DownDetector flagging problems with Microsoft Teams, Xbox Live and other offerings. In addition to Microsoft’s own platforms, external organizations reported related disruptions: NatWest apologized to customers who could not reach some of its webpages, and Oxford United Football Club confirmed via X that its online ticketing and club shop were inaccessible to members. The incident occurred less than two weeks after a separate global outage caused by a flawed software update from cybersecurity firm CrowdStrike, which was not an intentional attack but affected Microsoft devices and disrupted transport, healthcare and other services. The CrowdStrike-related outage was reported to have cancelled flights and delayed hospital appointments.
