Microsoft recently was the victim of a massive DDoS (distributed denial of service) attack which led to large-scale outages across Microsoft 365 services like Outlook, Teams, and OneDrive. After resolving the issues and looking more closely into the matter, the company explained that the attackers targeted Layer 7 or L7 (Application layer) of the OSI, though it assured that no customer data was compromised:
Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.
These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.
We have seen no evidence that customer data has been accessed or compromised.
This recent DDoS activity targeted layer 7 rather than layer 3 or 4.
Fast forward a couple of weeks, and Microsoft 365 services were once again affected today, though thankfully, the problem was resolved within a few hours. The details of the issue could be tracked under ID MO597504 in the Microsoft 365 admin center:
We determined that the mitigations have helped resolve the underlying issue and our telemetry has confirmed that the impact to accessing files is now resolved. Further details can be found under MO597504 in the admin center.
— Microsoft 365 Status (@MSFT365Status) June 20, 2023
According to the official Microsoft 365 status Twitter handle, the issue was only affecting users in Western Europe:
We"re investigating an issue where some users in Western Europe are unable to access files within the Microsoft 365 Service. Further details can be found under MO597504 in the admin center.
— Microsoft 365 Status (@MSFT365Status) June 20, 2023
Some further investigation helped the company determine what seemed to be the root cause of the issue, which was a data center in Germany that was not performing optimally. As such, the tech giant applied the necessary mitigations by reducing the load on the affected center:
We’ve identified a datacenter in Germany is not performing at optimal performance thresholds. We’ve applied mitigations to reduce the load on the affected infrastructure and are seeing improvements in availability. Further details can be found under MO597504 in the admin center.
— Microsoft 365 Status (@MSFT365Status) June 20, 2023
We will update the article if for some reason the issue returns.
Update: Although the same exact issue did not recur, Microsoft confirmed that users in Germany were unable to access multiple Microsoft 365 services, which means Outlook, Teams, OneDrive, among others, were probably affected. Admins were able to track the issue on Microsoft 365 Admin Center via ID MO601910:
We"re investigating an issue where some users in Germany may be unable to access multiple Microsoft 365 Services. Further details can be found under MO601910 in the admin center.
— Microsoft 365 Status (@MSFT365Status) June 22, 2023
Earlier today, the company confirmed that the issues were indeed resolved by the mitigations it applied:
We"ve confirmed that the issue is resolved after an extended period of monitoring. Further details can be found under MO601910 in the admin center.
We will keep an eye on the situation and provide an update in case.