Η Microsoft refuted the claims of the hacktivist group Sudan Anonymous about the breach of the company's servers and the theft of credentials for 30 million customer accounts.
Anonymous Sudan is known for making denial-of-service (DDoS) attacks against western entities. The group has been active since January 2023 and claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a subgroup of pro-Russian threat group Killnet and the team itself seems to have Confirm the relationship between them.
Attackers rely mainly on access to virtual private servers (VPS) combined with rented infrastructure cloud, open proxies and tools DDoS.
See also: MOVEit attacks: Siemens Energy confirmed data breach
In the middle of last month, Microsoft admitted that Anonymous Sudan was responsible for an attack that caused disruptions in the operation of several services, including Azure, Outlook and OneDrive.
The day before yesterday, these hacktivists claimed that they had "successfully hacks Microsoft" and that they acquired access to a large database containing more than 30 million Microsoft accounts, email and passwords.
In fact, Anonymous Sudan offered to sell these data for 50.000 $. The team urged interested buyers to contact the Telegram bot them to arrange the purchase.
The post even includes a sample of the data, as proof of the Violation and theft. There was also a warning that Microsoft would deny these allegations.
See also: The MOVEIt breach affects GenWorth and CalPERS
The team provided 100 pairs of credentials, but their origin could not be verified (old data, the result of a breach at a third party service provider, stolen from the systems Microsoft).
According to BleepingComputer, a Microsoft spokesman categorically denied any allegations of data breach from Anonymous Sudan.
“At this time, the analysis of the data shows that this is not a legitimate claim and data collection", the spokesman told BleepingComputer. "We have seen no evidence that the data of our customers have been accessed or compromised", he continued.
See also: UPS data breach: customer data used for phishing attacks
However, we do not yet know whether Microsoft's investigation has been completed or is ongoing. Data breaches are a risk we all face in today's digital world. Data breaches can have serious consequences for individuals and Organisations. For individuals, it can lead to theft ID card, financial loss and even reputational damage. For organisations, it can lead to legal and financial consequences, loss of customer confidence and damage to reputation. For a large company like Microsoft, a data breach can have serious consequences. It remains to be seen how Anonymous Sudan will move forward next.
Source : www.bleepingcomputer.com
