Microsoft says Azure outage was caused by ‘anomalous’ traffic spike

The statement comes shortly after a hacking group claimed to have launched a distributed denial-of-service (DDoS) attack against the service.

Published on 15th June 2023

Microsoft said that a recent connectivity issue affecting its Azure cloud platform was caused by an abnormal increase in HTTP requests, shortly after a hacking group claimed to have launched a distributed denial-of-service (DDoS) attack against the service.

In a preliminary review of the incident published on Tuesday, the tech giant said the flood of requests led to Azure displaying a “service unavailable” message in several countries on Friday. Microsoft resolved the issue within two hours, it added.

Microsoft said it would release a full investigation with more details about the Azure outage within the next two weeks.

Shortly after the outage started on Friday, the hacking group Anonymous Sudan wrote on Telegram that it had launched a DDoS attack against Azure to show how “untrustworthy” its services are. Such attacks generally work by flooding targeted websites and services with junk traffic, making them unreachable.

Earlier last week, Microsoft’s email service, Outlook, also suffered a series of brief worldwide outages, which Anonymous Sudan also claimed to have caused.

“We will continue the attack until we get tired and go to sleep, we are currently enjoying the mood with cola and music, while Microsoft suffers,” the hacking group wrote on Telegram.

The group also made a demand to Microsoft, requesting a ransom of $1 million. They threatened to continue the attacks and sell data on 30 million customers they claim to have accessed. DDoS attacks are relatively simple to launch, and generally don’t involve data theft.

Microsoft would not confirm whether Anonymous Sudan was involved in the recent incidents or if any data was leaked, as its investigation is still ongoing.

Anonymous Sudan also claimed to have attacked other U.S. companies this month, including ride-hailing service Lyft, as well as U.S. healthcare services and hospitals.

Earlier in May, the group made an unexpected demand of $3 million from Scandinavian Airlines in order to halt DDoS attacks that had targeted the airline’s websites since February.

Cybersecurity researchers believe the group isn’t an authentic part of the larger Anonymous hacktivist movement, but “most likely created as part of a Russian information operation to harm and complicate Sweden’s NATO application,” according to a report published by Swedish cybersecurity company Truesec.

Chicago-based cybersecurity firm Trustwave said that there is evidence the group is financially motivated, and is a sub-group of the pro-Russia hacking group known as Killnet.
