Second Outage on Microsoft Teams in Three Days. A Cyberattack?
Microsoft is currently investigating a second outage that has impacted Microsoft Teams users in North and South America within the past three days. Users affected by this latest incident are reporting connectivity issues and delays in sending and receiving messages through both mobile and desktop Teams clients.
The official Microsoft 365 status account on X released a statement, acknowledging the issue: “We’re investigating an issue in which users may be unable to access Microsoft Teams or features within North America, Canada, and Brazil.”
The companuy has provided affected Teams users with additional information in an incident report labeled as TM710900, accessible through the Microsoft 365 admin center. According to the incident report, some users may encounter difficulties accessing Microsoft Teams or specific features. The report notes that this information is in response to external customer reports and promises updates as the operational health of the service is at 100% at this time.
As of now, the firm has not updated its service health page for Teams consumer services, which currently indicates that “everything is up and running.”
In a similar incident on the preceding Friday, Microsoft attributed a widespread outage affecting customers across North America, Europe, the Middle East, and Africa to an undisclosed networking issue impacting a segment of the database infrastructure used by multiple APIs. Despite the tech giant resolving the issue within approximately 12 hours, customers continued to report problems, including delays in message delivery and Teams clients crashing.
Microsoft Previously Reported a Cyberattack
On January 20, Microsoft revealed that it had fallen prey to a nation-state attack on its corporate systems, resulting in the unauthorized access and theft of emails and attachments from senior executives and individuals within the company’s cybersecurity and legal departments.
Researchers identified the responsible party as the Russian advanced persistent threat (APT) group known as Midnight Blizzard, formerly referred to as Nobelium.
Upon discovering the attack on January 12, 2024, the firm promptly initiated an investigation and implemented disruption and mitigation efforts.
The attackers employed a password spray attack as the method to compromise a legacy non-production test tenant account, gaining initial access. Subsequently, they leveraged the account’s permissions to access a limited number of Microsoft corporate email accounts, including those belonging to senior leadership and employees in cybersecurity, legal, and other departments. During the breach, certain emails and attached documents were exfiltrated by the attackers.