Full Report
Elon Musk's social media platform X (formerly Twitter) faced a major outage on March 10, following what Musk claimed was a "massive cyberattack" targeting the platform's infrastructure. The billionaire suggested the attack originated from IP addresses traced back to Ukraine, triggering a wave of speculation online.

Musk made the claim during an interview with Fox News, stating that the platform's infrastructure had suffered a coordinated disruption. While the exact details remained unclear at the time, he said the attackers aimed to bring down X's systems. The platform experienced widespread service disruptions, leaving millions of users unable to access their accounts.

According to Musk, the X DDoS attack appeared to be sophisticated, with multiple IP addresses linked to the Ukraine region. However, he refrained from directly accusing the Ukrainian government or any specific threat group, saying he believed a "large, coordinated group and/or a country" was behind the attack. "We are still investigating, but the source of the attack points to Ukraine," Musk said in the interview.

Dark Storm Team Claims Credit for X DDoS Attack

The claim ignited debate in the cybersecurity and geopolitical communities. Some experts urged caution, emphasizing that IP addresses do not always reflect the true origin of an attack: threat actors often route traffic through compromised servers in other regions to mask their identity.

A CNN report noted that the outage, which began around 6 a.m. ET, peaked when nearly 40,000 users reported problems accessing X. The disruptions slowly subsided around 2 p.m. ET, and Musk stated in a Fox interview that the platform was operational again.

Meanwhile, a pro-Palestinian hacking group called Dark Storm Team allegedly claimed responsibility for the outage. Some claimed the group, known for launching Distributed Denial of Service (DDoS) attacks, targeted X over Musk's perceived bias in content moderation related to the Israel-Palestine conflict.
However, independent digital creator Ed Krassenstein, who allegedly spoke with the leader of the Dark Storm group, tweeted that the attack was "just a demonstration of our strength," with no political motives.

[Image: Message from alleged Dark Storm leader to Ed Krassenstein. (Source: X)]

Krassenstein added that the DDoS operators said the IPs did not originate from Ukraine and that Musk "must provide evidence for his claim," as they adamantly deny this to be the case. The attackers also warned they "can attack again. A stronger attack this time."

Dark Storm also revealed their other targets, possibly for media attention, which include the wallet application of private banks "SEDAD Wallet" (BMI[.]MR) and "GBM Banque" (gbm-banque[.]com); the group stated that the banks had claimed their services couldn't be stopped, which it treated as a direct challenge to the hackers.

Cybersecurity Analysts Skeptical; Ukraine Pushes Back

Cybersecurity analysts are examining whether Dark Storm Team was genuinely behind the attack or whether its claim was a smokescreen to obscure a more coordinated state-sponsored campaign. Given the geopolitical implications, the attack has sparked concerns about further escalation in the ongoing Ukraine-Russia conflict.

Dark Storm Team has previously targeted entities in Israel, NATO-aligned nations, and Western companies. Its claim, made via Telegram, included screenshots and technical details, though no concrete evidence has yet been provided. This has led some experts to question whether Dark Storm was acting alone or as part of a broader coordinated effort.

X was previously targeted in a DDoS attack in August last year, when the tech billionaire was about to start a live stream of an interview with then Republican presidential candidate Donald Trump. Musk initially called the downtime a technical glitch but soon attributed the glitches to a DDoS attack.
Musk's statements drew criticism from Ukrainian officials. Ukraine has reportedly dismissed the claim, stating that it had no involvement in the cyberattack. Officials said such allegations could inadvertently benefit Russia's ongoing information warfare.

The incident has renewed discussion of social media platforms' resilience to large-scale cyberattacks. Security experts have called for X to strengthen its infrastructure, given its significant influence on public discourse. While investigations are ongoing, the attack showed how state and non-state actors target influential platforms to disrupt communication channels or advance geopolitical agendas. Musk said X's security team was working around the clock to prevent further incidents.
Analysis Summary
# Incident Report: X Platform Targeted by Alleged State-Linked DDoS Attack
## Executive Summary
The X platform experienced a massive cyberattack, which Elon Musk publicly linked to actors associated with Ukraine. However, Ukrainian officials have denied involvement, suggesting the attribution might obscure a coordinated state-sponsored campaign, potentially involving the group Dark Storm Team. The primary impact was a disruption to the platform, highlighting the vulnerability of influential social media channels to geopolitical cyber operations. Response efforts focused on immediate mitigation and strengthening infrastructure against future attacks.
## Incident Details
- Discovery Date: March 11, 2025 (Date of reporting)
- Incident Date: Timing not precisely specified, reported around March 11, 2025.
- Affected Organization: X (formerly Twitter)
- Sector: Social Media / Technology
- Geography: Global impact, specific location of command/control unknown.
## Timeline of Events
### Initial Access
- Date/Time: Unknown prior to March 11, 2025.
- Vector: Distributed Denial of Service (DDoS) attack.
- Details: The attack leveraged high traffic volumes to disrupt service availability.
### Lateral Movement
- Not applicable, as the incident described is a DDoS attack targeting availability rather than data exfiltration or system compromise.
### Data Exfiltration/Impact
- Impact: Disruption of X platform services (downtime).
- Details: The attack was labeled a 'massive cyberattack' by the affected party.
### Detection & Response
- Detection: The service disruption was noted, leading to the investigation.
- Response Actions: X's security team was reportedly working "around the clock" to prevent further incidents. Mitigation focused on restoring service stability.
## Attack Methodology
- Initial Access: DDoS (Distributed Denial of Service).
- Persistence: N/A (DDoS is typically a transient attack meant for disruption).
- Privilege Escalation: N/A.
- Defense Evasion: Techniques likely focused on traffic obfuscation to maximize impact and bypass standard DDoS mitigation systems.
- Credential Access: N/A.
- Discovery: N/A.
- Lateral Movement: N/A.
- Collection: N/A.
- Exfiltration: N/A.
- Impact: Denial of Service against X's infrastructure.
## Impact Assessment
- Financial: Not quantified, but downtime for a platform like X implies significant potential revenue/advertising loss.
- Data Breach: No data breach reported; the incident was availability-focused.
- Operational: Temporary disruption of X platform services, affecting public discourse channels.
- Reputational: Raised concerns about the resilience of major social media platforms amidst escalating geopolitical tensions.
## Indicators of Compromise
- Network indicators: High volumes of malicious traffic targeting X services (no specific IPs or domains were disclosed in public reporting).
- File indicators: None reported (DDoS attack).
- Behavioral indicators: Abnormal spikes in network traffic indicative of a saturation attack.
## Response Actions
- Containment measures: Actions taken by X's security team to absorb or filter malicious traffic streams.
- Eradication steps: N/A. For an availability attack there is nothing to remove from the victim's systems; eradication amounts to filtering or neutralizing the malicious traffic at its source.
- Recovery actions: Restoring full platform functionality and hardening defenses against subsequent attacks.
## Lessons Learned
- Key takeaways: Influential platforms like X remain prime targets for state and non-state actors seeking to disrupt communication or advance geopolitical agendas (e.g., in the context of the Ukraine-Russia conflict).
- What could have been done better: Enhanced infrastructure resilience was called for by security experts following the incident.
## Recommendations
- Prevention measures for similar incidents: Strengthen DDoS mitigation capabilities, potentially implementing advanced traffic filtering and scaling infrastructure capacity to absorb large-scale, sustained denial-of-service attacks.
- Geopolitical attribution analysis: Employ rigorous verification processes before making public attribution, recognizing that claims may obscure a broader state-sponsored effort or serve as a distraction.
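As an added illustration of the behavioral indicator ("abnormal spikes in network traffic") and the traffic-filtering recommendation above, not code from the original report or from X: a small Python detector that learns a per-second request baseline from access logs, flags saturation, and counts distinct sources in the flagged seconds to tell a distributed flood from a single noisy client. The log format, the 5x threshold factor, and the ten-second learning window are assumptions, and every log line is constructed for the example.

```python
"""Aggregate request-rate detector for a volumetric (saturation) DDoS.
All log lines below are constructed for this example; they are not X traffic."""
from collections import Counter, defaultdict
from statistics import median

# Constructed sample: ten seconds of 3 req/s from three normal clients, then a three-second
# burst spread over 60 distinct source IPs, each sending one request per second.
BASELINE_LOG = [f"2025-03-10T06:00:{s:02d}Z 198.51.100.{s % 3 + 1} GET /home"
                for s in range(10) for _ in range(3)]
BURST_LOG = [f"2025-03-10T06:00:{10 + s}Z 203.0.113.{i} GET /home"
             for s in range(3) for i in range(1, 61)]
SAMPLE_LOG = BASELINE_LOG + BURST_LOG

def parse_log(lines):
    """Return (timestamp, source_ip) pairs from constructed 'timestamp ip method path' lines."""
    return [tuple(line.split()[:2]) for line in lines if len(line.split()) >= 2]

def requests_per_second(events):
    """Count requests per one-second bucket (timestamps have second resolution)."""
    return Counter(ts for ts, _ in events)

def detect_saturation(per_second, learning_seconds, factor=5.0):
    """Flag seconds whose request count exceeds factor x the median of the learning
    window, so the threshold tracks the platform's own normal load (assumed factor)."""
    base = median(per_second.get(ts, 0) for ts in learning_seconds)
    threshold = max(1, base) * factor
    return {ts: n for ts, n in per_second.items() if n > threshold}

def distinct_sources(events, seconds):
    """Distinct source IPs per flagged second: many low-rate sources is the
    signature of a distributed flood rather than one misbehaving client."""
    by_sec = defaultdict(set)
    for ts, ip in events:
        if ts in seconds:
            by_sec[ts].add(ip)
    return {ts: len(ips) for ts, ips in by_sec.items()}

def analyse(lines, learning_window=10):
    """Run the detector; the first learning_window seconds define normal load."""
    events = parse_log(lines)
    per_sec = requests_per_second(events)
    learning = sorted(per_sec)[:learning_window]
    flagged = detect_saturation(per_sec, learning)
    return flagged, distinct_sources(events, flagged)

if __name__ == "__main__":
    flagged, sources = analyse(SAMPLE_LOG)
    for ts in sorted(flagged):
        print(f"{ts}: {flagged[ts]} req/s from {sources[ts]} distinct sources")
```

Because each burst source sends only one request per second, a per-IP rate limit would never trigger here; the aggregate rate against a learned baseline is what exposes the flood.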