Following widespread outages on Monday that prevented thousands of users from accessing X, Elon Musk said that the social media platform was under a "massive cyberattack."
“We face attacks daily, but this one was executed with substantial resources,” Musk stated in a post. “Either a large, coordinated group and/or a nation is involved. Tracing …”
Later that day, during an appearance on Fox Business Network’s Kudlow, Musk mentioned that the attackers’ “IP addresses originated in the Ukraine region,” though he did not elaborate on the implications, reports AP.
However, cybersecurity experts quickly noted that this does not necessarily indicate that Ukraine was the source of the attack. Security researcher Kevin Beaumont wrote on Bluesky that Musk's statement lacked a crucial detail—"the IPs actually came from all over the world, not just Ukraine.”
Beaumont identified the attack as a Mirai variant botnet, comprising compromised cameras. While he could not determine who was responsible, he remarked that it “smells of APTs—advanced persistent teenagers.”
Allan Liska from cybersecurity firm Recorded Future further explained that even if “every IP address that targeted Twitter today came from Ukraine (which is unlikely), they were most likely compromised devices controlled by a botnet run by an unknown third party, which could be operating from anywhere.”
Reports of outages surged at 6 a.m. Eastern Time and again at 10 a.m., with over 40,000 users unable to access X, according to tracking website Downdetector.com. By the afternoon, the number of complaints had declined to the low thousands.
A prolonged disruption lasting at least an hour began at noon, primarily affecting the U.S. coastal regions.
Downdetector.com reported that 56% of the reported issues were related to the X app, while 33% were linked to the website.
Without access to X’s internal technical data, verifying Musk’s claims is impossible, and the probability of the company releasing such information is “pretty low,” according to Nicholas Reese, an adjunct instructor at New York University’s Center for Global Affairs and an expert in cyber operations.
Reese suggested that it was unlikely a nation-state was behind the attack, given the relatively short duration of the outages—unless it was intended as a precursor to something more significant.
“There are essentially two types of cyberattacks—some are meant to be highly visible, while others are designed to be stealthy,” he explained. “The most valuable attacks tend to be the quiet ones. This incident was clearly meant to be noticed, which almost certainly rules out state actors. The benefit they would gain from such an attack is minimal.”
Reese also speculated that a group may have intended to make a statement by disrupting X but noted that a temporary outage “doesn’t seem like much of a statement.”
“It only becomes meaningful if it’s followed by further action, which I wouldn’t dismiss at this stage,” he added.
In March 2023, when the platform was still known as Twitter, it suffered a series of technical glitches for over an hour, causing broken links, login failures, and image-loading issues.
Meanwhile, “X outage” was trending on rival platform Bluesky, with users welcoming newcomers and encouraging them to stay.
Musk, who acquired the platform in 2022, is also Tesla’s CEO. While overseeing X, he maintains access to U.S. government data systems—frequently sporting a T-shirt that reads “tech support.”
Bd-pratidin English/ Afia
