After a series of outages on Monday that left X inaccessible to thousands of users, Elon Musk claimed that the social media platform was the target of a “massive cyberattack.”
“We get attacked every day, but this one was done with a lot of resources,” Musk wrote in a post. “It looks like a large, coordinated group or possibly a country is involved. We’re tracing it…”
Later, Musk mentioned on Fox Business Network’s Kudlow that the attack seemed to originate from “IP addresses in the Ukraine area,” though he didn’t elaborate on what this might indicate.
However, cybersecurity experts quickly pointed out that the attack’s origin wasn’t necessarily from Ukraine. Security researcher Kevin Beaumont noted that Musk’s statement overlooked an important detail: the IP addresses were actually coming from all over the world, not just Ukraine. Beaumont identified the attack as a Mirai variant botnet, which uses compromised cameras. While he wasn’t sure who was behind the attack, he suggested it might have been carried out by “advanced persistent teenagers.”
Allan Liska from the cybersecurity firm Recorded Future pointed out that even if all the IP addresses that targeted Twitter on that day came from Ukraine (which is unlikely), they were probably from compromised machines controlled by a botnet. This botnet could have been operated by a third party located anywhere in the world.
Complaints about outages spiked on Monday at 6 a.m. Eastern and again at 10 a.m., with over 40,000 users reporting issues accessing the platform. By the afternoon, the number of reports had decreased to the low thousands.
A major outage, lasting at least an hour, began around noon, with the most significant disruptions affecting the U.S. coasts.
According to reports, 56% of the reported issues were related to the X app, while 33% were with the website.
It’s impossible to verify Musk’s claims without technical data from X, and the chances of them releasing that information are “pretty low,” said Nicholas Reese, an adjunct instructor at New York University’s Center for Global Affairs and a cyber operations expert.
Reese argued that it doesn’t make much sense for a state actor to be behind the outages, given their brief duration, unless it was intended as a warning for something bigger to come.
He explained, “There are two types of cyberattacks — ones that are loud and disruptive, and ones that are quiet and more subtle. The most valuable attacks are typically the quiet ones. This incident seems designed to be noticed, which suggests it wasn’t carried out by state actors. The value they would have gained from it is minimal.”
Reese also noted that it’s possible a group might have wanted to make a statement by causing the outages, but he felt that a short-lived disruption didn’t send much of a message. “It only becomes a statement if there’s some follow-up action, which I wouldn’t rule out,” he added.
In March 2023, the social media platform previously known as Twitter experienced a series of glitches that lasted for over an hour. During this time, links stopped working, some users couldn’t log in, and images failed to load for others.
The hashtag “X outage” started trending on the competing social media platform BlueSky, with some users welcoming people to join the site and encouraging them to stay.
Musk, who purchased the former Twitter in 2022, also serves as the CEO of Tesla. He is managing X while simultaneously having access to U.S. government data systems, often seen wearing a shirt that reads “tech support.”