Microsoft acknowledged that a cyberattack, coupled with an internal error in its defense system, triggered a widespread service outage on July 30th, 2024.
The attack, attributed to the state-sponsored group Midnight Blizzard, also known as APT29 or Cozy Bear, involved sophisticated methods aimed at accessing sensitive information.
This incident follows an outage just two weeks earlier, when a faulty cybersecurity update from CrowdStrike rendered millions of computers inaccessible.
The attackers leveraged various techniques, including password spray attacks and exploitation of OAuth applications, to gain initial access and maintain persistence within Microsoft’s corporate environment. This allowed them to target email accounts and move laterally across cloud environments.
“Initial investigations suggest an error in implementing our defense system amplified the impact of the attack,” stated an update on the Microsoft Azure website.
Distributed Denial-of-Service (DDoS) attacks, like the one Microsoft encountered, bombard online services with overwhelming traffic, aiming to overload and disable them.
The outage impacted Microsoft Azure, the company’s cloud computing platform powering many services like Microsoft 365 (including Office and Outlook), Intune, and Entra.
The incident comes at a sensitive time for Microsoft. The outage occurred just hours before a scheduled financial update, in which the company reported slower-than-expected growth. While Microsoft Azure remains a major profit driver, investors have raised concerns in recent months over slowing demand.
Microsoft has implemented a fix for the problem and is monitoring the situation to ensure a complete recovery. The company apologized for the inconvenience caused to users and businesses worldwide.