We do not know if this is made with malice by Microsoft, if it is some sort of mistake, or if some of their cloud customer is running the attack.

It surely doesn't take much thought to realise that the first option is obviously ridiculous. It's almost certainly the third, and possibly the second.

I professionally help sites deal with these kinds of attacks, and it is often the case that the source machines are all from a single provider, country, or other group.

Typically we've found that this is due to some underlying app or service that they all use, an example would be a webhost that has all of their customers on an older vulnerable version of cPanel, or for something with more recency look at all the organizations that suffered a ransomware attack this week because they used the same vulnerable file transfer software.

From the front page, I think this offers some insight into server admin's mindset.

> The ongoing Intel CPU bug debacle with Meltdown, Spectre, Foreshadow, MDS, the jCC/cache-line bug, Fallout, LVI, Portsmash, etc, etc, and the ME backdoor is making the main GMP server far from as secure as we'd like it to be.

Embrace, Extend, DDoS

MS publishes Azure IP ranges[1] so it should be trivial to check if the attack originates from those or something else.

MS also has abuse contact exactly for this purpose[2]. I have no experience what their response is there, but probably worth a shot anyways.

[1] https://www.microsoft.com/en-us/download/details.aspx?id=565...

[2] https://msrc.microsoft.com/report/abuse

The front page of https://gmplib.org/ has two other undated updates that the current server is too slow because of meltdown and they're going to replace with it with an epyc server in mid April.