July 4, 2023
Severity
High
Analysis Summary
In early June, Microsoft experienced significant service outages, affecting Outlook email, OneDrive file-sharing apps, and the Azure cloud computing infrastructure. The responsibility for these DDoS attacks was claimed by a group known as Anonymous Sudan, also referred to as Storm-1359. Anonymous Sudan, which has been active since January 2023, claims to target countries opposing Sudan, although some researchers believe it is a sub-group of the pro-Russian threat group Killnet.
The threat actors behind the attacks utilized multiple virtual private servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools. Initially, Microsoft did not provide specific details about the outages but later confirmed the DDoS attacks in a report titled “Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks.” The report acknowledged the surges in traffic that impacted availability and mentioned the ongoing tracking of DDoS activity by the threat actor known as Storm-1359.
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359,” reads the report published by the company.
Microsoft stated that they have not found any evidence indicating that customer data has been accessed or compromised during the attacks. However, Anonymous Sudan made an announcement claiming to have stolen credentials for 30 million Microsoft customer accounts. They published a message on their Telegram channel, declaring a successful hack of Microsoft and offering a large database containing the alleged stolen data for sale at a price of $50,000.
“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD”, the group wrote on its Telegram channel.
Anonymous Sudan provided a sample of the purportedly stolen data to support their claim. As of now, Microsoft has not publicly commented on the alleged data breach.
Researchers contacted Microsoft to seek a comment regarding the validity of the claims made by Anonymous Sudan. In response, a spokesperson from Microsoft firmly denied any data breach allegations. The company representative stated that their analysis of the data showed that the claims were not legitimate and that it appeared to be an aggregation of data. They further emphasized that there was no evidence to suggest that customer data had been accessed or compromised.
While Microsoft has refuted the data breach claims, the situation is still developing: it is unclear whether Microsoft’s investigation into the matter has concluded, and the company’s response to any public release of the data remains to be seen.
Impact
- Service Disruptions
- Operational Outage
- Information Theft