Microsoft revealed that “ongoing DDoS activity” was behind outages in Outlook, OneDrive, and cloud services in early June.

The company revealed in a blog post that there is no evidence that user data was compromised:

Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.

These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

We have seen no evidence that customer data has been accessed or compromised.

Microsoft says Storm-1359 appears to be using botnets to gain publicity:

Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures. Storm-1359 appears to be focused on disruption and publicity.

Storm-1359 has been observed launching several types of layer 7 DDoS attack traffic: