Pro-Iran hackers are gloating about today’s widespread Microsoft outage issues, claiming they completely shut down major services for hours. The Islamic Cyber Resistance in Iraq – 313 Team stated that they launched a cyberattack targeting Microsoft 365 servers, causing a complete shutdown of the website for five hours, as reported by Threat Beat. This is in line with Iran’s current stance on US-based tech giants.
They later claimed to extend the attack for an additional five hours, asserting that Microsoft servers would remain down and services like Microsoft 365, Microsoft Outlook, and others would be unavailable. Microsoft, however, had a different take on the situation. The company posted on its official X feed for Microsoft 365 service incidents, stating they were investigating reports of users having trouble accessing Exchange Online mailboxes.
About two and a half hours later, Microsoft announced they had “identified and resolved an underlying issue involving the supporting network infrastructure that resulted in service degradation.” They then confirmed the service was healthy after a period of monitoring. Despite Microsoft’s resolution claims, the 313 Team quickly countered on their Telegram channel, insisting their effort against Microsoft “continues” and pointing to ongoing user reports of problems on DownDetector.
This isn’t the first time Iranian hacker groups have targeted U.S. interests
Just last week, the 313 Team claimed to have temporarily knocked down the donaldjtrump.com site, even posting a screenshot of a 503 error as proof. Another pro-Iran group, Sylhet Gang-SG, then piled on, posting their own screenshot of trump.com with a message saying, “we saw team downd donaldjtrump.com so we took fun on second website of trump lol.”
The 313 Team later declared, “In the coming days we will target all companies affiliated with President Trump.” They subsequently claimed responsibility for an outage on U.S.-based Commerce Bank’s website, showing a spike in user reports on DownDetector as evidence.
In an unverified claim, an Iranian group closely linked to CyberAv3ngers, APT IRAN, took responsibility for a deadly explosion at a Nebraska biofuels plant last July. The group, known for targeting operational technology, posted on Telegram, “In our last attack on an industrial site in the US in Fremont, Nebraska, the Horizon plant last year, one person was killed.”
They went on to say that the victim, 32-year-old Dylan Danielson, was “accidentally killed by a massive explosion,” adding, “Now, we don’t want to get our hands dirty with anyone’s blood. Stay away from candlelight… (Please).” The group offered no proof beyond a video of the explosion and a news report on the investigation, which confirmed Danielson’s death and mentioned his two daughters were waiting for him at the plant.
The broader Cyber Islamic Resistance collective, which works closely with the 313 Team, has been urging its “epic war” allies to act as unified “mujahideen” on the cyber front. They posted this evening that “a new target has been set in stone,” sharing a screenshot of a 504 error related to Azure Front Door. They also claimed to have targeted Microsoft Store globally with DDoS attacks. “We will continue to target other U.S companies due to Trump’s actions in the Middle East,” the collective stated.
Handala Team, an Iran-linked hacker group, claimed responsibility for a cyberattack on US medical tech giant Stryker last week.
Published: Mar 17, 2026 01:30 pm