Arab Canada News
Published: June 21, 2023
In early June, intermittent and severe service disruptions hit Microsoft’s main office suite – including Outlook email and the OneDrive file-sharing app – and its cloud computing platform.
A mysterious hacking group claimed responsibility, saying they flooded the sites with unwanted traffic in distributed denial-of-service attacks.
Initially, Microsoft was cautious in identifying the cause, but has now revealed that DDoS attacks by a mysterious hacker were indeed the cause.
But the software giant provided few details – and did not comment on the scale of the attacks. It did not mention the number of affected customers or describe the attackers, whom it named Storm-1359.
Microsoft’s explanation came in a post late Friday, following a request from the Associated Press two days earlier. As for details, the post said the attacks “temporarily affected the availability” of some services. It added that the attackers focused on “disruption and publicity” and likely used infrastructure and virtual private networks to bombard Microsoft’s servers from so-called botnets worldwide.
Microsoft stated there is no evidence that any customer data was accessed or breached.
While DDoS attacks are primarily a nuisance – making websites inaccessible without breaching them – security experts say they can disrupt the work of millions if they succeed in interrupting services of a software services giant like Microsoft, which many global businesses depend on.
“It is not clear whether this is what happened here,” said Jake Williams, senior cybersecurity researcher and former offensive hacker at the National Security Agency. “We really have no way to measure the impact if Microsoft doesn’t provide this information.” Williams also said he was not aware of Outlook being attacked on this scale before.
He added: “We know some resources were unreachable for some, but not for others. This often happens with DDoS on globally distributed systems.”
Regarding Storm-1359’s identity, Williams said he does not think Microsoft knows yet, as cybersecurity espionage tends to take some time – and even then it can be challenging if the adversary is skilled.
On the other hand, Edward Amoroso, professor at New York University and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a major risk we all agree to avoid talking about. It is not controversial to call it an unsolved problem.”
He also added that the difficulties Microsoft faced in countering this particular attack point to a “single point of failure.” He said the best defense against such attacks is widely distributed service, such as on a content delivery network.
Also, British security researcher Kevin Beaumont said the methods used by the attackers are not old. He said: “One dates back to 2009.”
Severe impacts from Microsoft 365 Office suite outages were reported on Monday, June 5, peaking at 18,000 reports.
On Twitter that day, Microsoft said Outlook, Microsoft Teams, SharePoint Online, and OneDrive for Business were affected.
The attacks continued throughout the week, with Microsoft confirming on June 9 that its cloud computing platform Azure was affected.
On June 8, computer security news site BleepingComputer.com reported that cloud-based OneDrive file hosting had been disrupted globally for some time.