Following reports of the attack on Microsoft by the hacker group "Anonymous Sudan", Check Point Software comments on the incident:
Anonymous Sudan emerged around the beginning of 2023 and has been very "vigorously" attacking both anti-Russian targets around the world and targets related to its pro-Islamic agenda. We can describe it as a cluster of hackers of different origins and ideologies working together to bring down websites. Their attacks happen every week somewhere in the world and show that they aim high and can take down the websites of governments, banks, big businesses, airports, telecommunications companies and many others. So we should expect this to continue.
Since its first appearance, and in recent months, this group has been very active on Telegram, warning of potential attacks before they happen and reporting attacks (almost live) as they happen. They inform their followers about these attacks and about the specific dates on which each platform will be targeted. (Screenshots attached.)
In a recent blog post, Microsoft said that the attack it received was carried out by Storm-1359, which is actually Anonymous Sudan.
It is important to emphasize that this is not a hack, in the sense that there is no breach. A distributed denial-of-service (DDoS) attack is a method in which hackers flood a website with communication requests which, in sufficient volume, cause the website to crash. So all the attacks involved here were on the websites of these platforms, which were simply inaccessible for a certain period of time (from minutes to about 20-30 minutes or so; at times, and from some parts of the world, it was less than an hour).
DDoS attacks matter when it comes to consumer use (you can't get into a website), but they are not sophisticated attacks. As such, they can be performed by anyone with access to tools that send numerous requests to a single site (such as bot farms). This particular group is notorious for using very powerful DDoS tools, as it is heavily associated with Russian hacking groups, which today leverage such tools in their own attacks. DDoS attacks can be prevented. It's a matter of resources and risk management. If you invest in monitoring the requests coming to the site and have the capacity to receive more requests at once, sending a huge number of requests won't crash the site.
What these hackers do is analyze the bandwidth, or capacity, of the sites they target by sending a certain number of requests at once and then increasing the frequency until they see the sites crash.
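
One way a defender could spot the step-by-step ramp-up described above in their own request logs, as an added example (not code from Check Point or Microsoft). The function names, the growth factor, the step count, the noise floor and the sample traffic are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta


def requests_per_minute(timestamps):
    """Bucket request timestamps into (minute, count) pairs, keeping empty minutes."""
    counts = Counter(t.replace(second=0, microsecond=0) for t in timestamps)
    if not counts:
        return []
    minute, last, series = min(counts), max(counts), []
    while minute <= last:
        series.append((minute, counts.get(minute, 0)))
        minute += timedelta(minutes=1)
    return series


def find_ramps(series, growth=1.5, min_steps=3, floor=50):
    """Find runs of >= min_steps consecutive minutes in which the request count
    grew by a factor of >= growth each minute. Runs whose peak stays below
    `floor` requests/minute are ignored as noise. Thresholds are illustrative.
    Returns a list of (start_minute, end_minute, first_count, peak_count)."""
    ramps, run_start = [], 0
    for i in range(1, len(series) + 1):
        prev = series[i - 1][1]
        if i < len(series) and prev > 0 and series[i][1] >= growth * prev:
            continue  # still climbing, extend the current run
        # Run ended at index i - 1; it contains (i - 1 - run_start) growth steps.
        if i - 1 - run_start >= min_steps and prev >= floor:
            ramps.append((series[run_start][0], series[i - 1][0],
                          series[run_start][1], prev))
        run_start = i
    return ramps


def sample_timestamps():
    """Constructed traffic: a steady baseline, a doubling ramp, then a collapse."""
    start = datetime(2023, 1, 1, 12, 0)  # arbitrary constructed date
    per_minute = [20, 22, 19, 21, 20, 40, 80, 160, 320, 5]
    return [start + timedelta(minutes=m, seconds=60 * k / n)
            for m, n in enumerate(per_minute) for k in range(n)]


if __name__ == "__main__":
    for start, end, first, peak in find_ramps(requests_per_minute(sample_timestamps())):
        print(f"ramp {start:%H:%M}-{end:%H:%M}: {first} -> {peak} requests/minute")
```

A flagged ramp is a cue to raise rate limits or scale capacity before the peak is reached; legitimate traffic spikes can look similar, so the thresholds need tuning against a site's normal pattern.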