{"id":40310,"date":"2021-04-06T02:41:34","date_gmt":"2021-04-06T02:41:34","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/"},"modified":"2021-04-06T02:41:34","modified_gmt":"2021-04-06T02:41:34","slug":"anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/","title":{"rendered":"&#8216;Anomalous surge in DNS queries&#8217; knocked Microsoft&#8217;s cloud off the web last week"},"content":{"rendered":"<p><span data-label=\"in brief\">in Brief<\/span> It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools&#8217; Day, Redmond has said.<\/p>\n<p>Or as the Windows giant put it, the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/04\/01\/microsoft_azure_dns_outage\/\" rel=\"noopener noreferrer\">outage<\/a> was the result of &#8220;an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure.&#8221; In a <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/status.azure.com\/en-us\/status\/history\/\">postmortem examination<\/a> of the downtime, Microsoft said the flood of requests triggered a programming flaw in its infrastructure that hampered its ability to cope with the demand:<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",button,mpu,\" data-sm=\",button,mpu,\" data-md=\",button,banner_plus,mpu\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Microsoft says it has now fixed the bug &#8220;so that all requests can be efficiently handled in cache,&#8221; and improved &#8220;the automatic detection and mitigation of anomalous traffic patterns.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",button,mpu_plusplus,\" data-sm=\",button,mpu_plusplus,\" data-md=\",button,mpu_plusplus,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<h3 class=\"crosshead\"> <span>North Koreans go after infosec bods again<\/span><br \/>\n<\/h3>\n<p>In January, Google <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/01\/26\/norks_hack_researchers\/\" rel=\"noopener noreferrer\">warned<\/a> that suspected North Korean government cyber-spies were <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/01\/26\/north_korea_targeted_me_0_day\/\" rel=\"noopener noreferrer\">preying on<\/a> security researchers. On Wednesday last week, it said the dastardly team was trying a new tactic.<\/p>\n<p>The web giant&#8217;s Threat Analysis Group <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/blog.google\/threat-analysis-group\/update-campaign-targeting-security-researchers\/\">said<\/a> it had detected in March a bogus security company SecuriElite reaching out to legit professionals via social media, such as LinkedIn and Twitter.<\/p>\n<p>&#8220;Like previous websites we\u2019ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page,&#8221; the Google analysts said. &#8220;In January, targeted researchers reported that the PGP key hosted on the attacker\u2019s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.&#8221;<\/p>\n<p>Going after security investigators is a high-risk\/high-reward endeavor. On the one hand, they are more likely to be careful about possible dangers, but you only have to make one mistake and then there&#8217;s a host of vulnerability and exploit research material and contacts to be harvested from your compromised victim. With Google&#8217;s latest warning, it&#8217;s time to set shields to maximum if not already.<\/p>\n<h3 class=\"crosshead\"> <span>Microsoft sets new baseline for 365 enterprise apps<\/span><br \/>\n<\/h3>\n<p>Admins with a Windows-heavy focus might want to check out the latest <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-security-baselines\/security-baseline-for-office-365-proplus-v2103-march-2021-draft\/ba-p\/2228388\">Redmond missive<\/a> on planned security changes for Microsoft 365 apps in the forthcoming version 2103.<\/p>\n<p>While these are draft proposals at the moment, they are going to cause some disruption. Dynamic Data Exchange for Excel is out across the board, JScript execution for Office is going to come under tighter lockdown to avoid the execution of arbitrary code, and there&#8217;s more action against macros.<\/p>\n<p>Defender&#8217;s also toughening its stance on dodgy-looking documents, which has led to some false positive problems in the past. So check out the specs, and make views known \u2013 maybe Microsoft will listen.<\/p>\n<h3 class=\"crosshead\"> <span>DeepDotWeb admin pleads guilty<\/span><br \/>\n<\/h3>\n<p>An IT admin who ran operations for DeepDotWeb \u2013 a portal that pointed netizens at dark web marketplaces selling malware, guns, and drugs \u2013 pleaded guilty to money laundering charges this month.<\/p>\n<p>Tal Prihar, 37, an Israeli citizen living in Brazil, set up the DeepDotWeb portal in October 2013 with co-defendant Michael Phan, 34, of Israel, and while they didn&#8217;t deal in illegal goods personally, they linked to those who did, and received $8.4m in kickbacks to promote certain dodgy sites, prosecutors said. The portal was <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2019\/05\/08\/deepdotweb_take_down_fbi\/\" rel=\"noopener noreferrer\">taken down<\/a> in May 2019 after a combined operation by Europol, and Israeli and US law enforcement.<\/p>\n<p>&#8220;For six years, DeepDotWeb was a gateway to facilitate the illegal purchase of items to include dangerous drugs, weapons, and malicious software,\u201d <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.justice.gov\/opa\/pr\/deepdotweb-administrator-pleads-guilty-money-laundering-conspiracy\">said<\/a> Acting Special Agent in Charge Carlton Peeples of the FBI\u2019s Pittsburgh Field Office. \u201cPrihar profited as a byproduct from other people\u2019s dangerous transactions and today\u2019s guilty plea sends a message to other cyber actors across the globe who think the dark web is a safe haven.&#8221;<\/p>\n<p>Prihar has agreed to forfeit $8,414,173 in funds, and will be sentenced in August. Phan&#8217;s case is pending.<\/p>\n<h3 class=\"crosshead\"> <span>Accellion hack just keeps on going: top-flight universities ransacked<\/span><br \/>\n<\/h3>\n<p>Some of America&#8217;s most technologically advanced halls of learning have been hit by extortionists who cruise the internet exploiting vulnerable deployments of the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/01\/25\/asic_accellion_breach\/\" rel=\"noopener noreferrer\">Accellion<\/a> file-transfer software to steal organizations&#8217; internal secrets and other data. The Clop crooks, which <a target=\"_blank\" href=\"https:\/\/search.theregister.com\/?q=clop\" rel=\"noopener noreferrer\">have hit<\/a> governments and big biz, then demand payment to keep a lid on the purloined records.<\/p>\n<p>Stanford, the University of California, including UC Berkeley, and others have had <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/dorper.me\/articles\/unileak.aspx\">personal information<\/a> stolen. Gigabytes of stolen data has been uploaded to the dark web to encourage the colleges to pay a ransom to prevent all of the data from being dumped online. Students are also being harassed by the extortionists via email.<\/p>\n<p>&#8220;We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states: &#8216;Your personal data has been stolen and will be published,'&#8221; <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.ucdavis.edu\/news\/uc-among-targets-nationwide-cyberattack\">said<\/a> UC Davis.<\/p>\n<p>The universities are advising the usual measures: password changes, multifactor authentication, and credit checks.<\/p>\n<h3 class=\"crosshead\"> <span>Fortinet software stalked by snoops<\/span><br \/>\n<\/h3>\n<p>The FBI and America&#8217;s Cybersecurity and Infrastructure Security Agency (CISA) rounded off last week with <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.ic3.gov\/Media\/News\/2021\/210402.pdf\">a warning<\/a> [PDF] on Friday that installations of Fortinet&#8217;s FortiOS SSL VPN portal were being actively probed for unpatched security flaws by top-tier miscreants, known in industry jargon as an advanced persistent threat (APT). The snoops seem to be hoping to exploit bugs assigned CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591, we&#8217;re told. Patches have been available for these holes for a long while, and should be installed by now.<\/p>\n<p>&#8220;It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks,&#8221; the agencies said.<\/p>\n<p>&#8220;The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",button,dbutton,mpu_plus,dmpu,\" data-sm=\",button,dbutton,mpu_plus,dmpu,\" data-md=\",button,dbutton,mpu_plus,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>US Homeland Security <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/10\/12\/cisa_fbi_warning\/\" rel=\"noopener noreferrer\">warned<\/a> about the exploitation of the key Fortinet flaw, <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-13379\">CVE 2018-13379<\/a>, in December. We&#8217;re told the attackers are chaining that flaw with an LDAP impersonation vulnerability (<a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-5591\">CVE-2019-5591<\/a>) and an authentication bypass (<a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-12812\">CVE-2020-12812<\/a>) to infiltrate networks. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/04\/06\/in_brief_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: Top universities hit by data-stealing extortionists in Brief\u00a0 It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools&#8217; Day, Redmond has said.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-40310","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&#039;Anomalous surge in DNS queries&#039; knocked Microsoft&#039;s cloud off the web last week 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&#039;Anomalous surge in DNS queries&#039; knocked Microsoft&#039;s cloud off the web last week 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-06T02:41:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"&#8216;Anomalous surge in DNS queries&#8217; knocked Microsoft&#8217;s cloud off the web last week\",\"datePublished\":\"2021-04-06T02:41:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/\"},\"wordCount\":1023,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/\",\"name\":\"'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-04-06T02:41:34+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8216;Anomalous surge in DNS queries&#8217; knocked Microsoft&#8217;s cloud off the web last week\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/","og_locale":"en_US","og_type":"article","og_title":"'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-04-06T02:41:34+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"&#8216;Anomalous surge in DNS queries&#8217; knocked Microsoft&#8217;s cloud off the web last week","datePublished":"2021-04-06T02:41:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/"},"wordCount":1023,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/","url":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/","name":"'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-04-06T02:41:34+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGvO8imHs7HK3MjGQsU4nQAAAI0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/anomalous-surge-in-dns-queries-knocked-microsofts-cloud-off-the-web-last-week\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"&#8216;Anomalous surge in DNS queries&#8217; knocked Microsoft&#8217;s cloud off the web last week"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40310"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40310\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}