On Monday, March 10, X, the social media platform owned by Elon Musk, experienced multiple outages, with Musk posting that the platform had been hit by a massive cyberattack. According to Musk, the attack involved a large number of simultaneous requests, overwhelming the system. Security analysts pointed out that X’s servers lacked sufficient protection, making them vulnerable to Distributed Denial-of-Service (DDoS) attacks.
The platform suffered from five separate outages, affecting thousands of users worldwide. According to data from Downdetector, over 30,000 users in the United States and 4,700 in the UK were unable to access the platform. Musk revealed that the attack required significant resources, suggesting that it may have been carried out by a large, coordinated group or even a nation-state. However, the identity of the perpetrators remains unknown.
The following day, March 11, Musk told Fox News that the attack originated from an IP address in Ukraine. However, experts noted that IP addresses can be easily spoofed by botnets, making it difficult to determine the true origin of the attack. Some speculated that the attack might be a political statement, possibly related to Musk’s position as the head of the DOGE unit in the Trump administration or his conflicts with Ukraine over Starlink.
In a surprising turn of events, a hacking group called Dark Storm, which supports Palestine, claimed responsibility for the attack through a Telegram post. The group has previously targeted Western countries and organizations that support Ukraine, as well as NATO member states, the United States, and Israel, using DDoS and ransomware attacks. They emphasized that the attack on X had no connection to Ukraine.
It’s worth noting that after Musk’s acquisition of Twitter in 2022, the company laid off a significant portion of its security staff, roughly 80%. This reduction in security personnel may have contributed to the platform’s vulnerability to the attack. Experts pointed out that a large botnet of 10,000 to 20,000 hacked devices, including security cameras and DVRs, sent simultaneous requests to X’s servers, causing them to crash. Furthermore, many of X’s primary servers did not utilize Cloudflare, a tool that helps filter out malicious traffic and prevent DDoS attacks.
Sources: