Hours after a series of outages Monday that left X unavailable to thousands of users, Elon Musk claimed that the social media platform was being targeted in a “massive cyberattack.”
“We get attacked every day, but this was done with a lot of resources,” Musk claimed in a post. “Either a large, coordinated group and/or a country is involved. Tracing …”
Later on Monday, Musk said on Fox Business Network’s Kudlow that the attackers had “IP addresses originating in the Ukraine area” without going into detail on what this might mean.
Cybersecurity experts quickly pointed out, however, that this doesn’t necessarily mean that an attack originated in Ukraine. Security researcher Kevin Beaumont said on Bluesky that Musk’s claim is “missing a key fact — it was actually IPs from worldwide, not just Ukraine.”
Specifically, he said it was a Mirai variant botnet, which is made of compromised cameras. He said while he is not sure who is behind the attack, it “Smells of APTs — advanced persistent teenagers.”
Allan Liska of the cybersecurity firm Recorded Future, meanwhile, pointed out that even if “every IP address that hit Twitter today originated from Ukraine (doubtful), they were most likely compromised machines controlled by a botnet run by a third party that could be located anywhere in the world.”
Complaints about outages spiked Monday at 6 a.m. Eastern and again at 10 a.m, with more than 40,000 users reporting no access to the platform, according to the tracking website Downdetector.com. By afternoon, the reports had dropped to the low thousands.
A sustained outage that lasted at least an hour began at noon, with the heaviest disruptions occurring along the U.S. coasts.
Downdetector.com said that 56% of problems were reported for the X app, while 33% were reported for the website.
It’s not possible to definitively verify Musk’s claims without seeing technical data from X, and the likelihood of them releasing that is “pretty low,” said Nicholas Reese, an adjunct instructor at the Center for Global Affairs in New York University’s School of Professional Studies and expert in cyber operations.
Reese said the likelihood that a state actor is behind the outages “doesn’t make a lot of sense” given their short duration — unless it was a warning for something larger to come.
“There are kind of two types of cyber attacks — there are ones that are designed to be very loud and there are ones that are designed to be very quiet,” he said. “And the ones that are usually the most valuable are the ones that are very quiet. Something like this was designed to be discovered. So to me that almost certainly eliminates state actors. And the value that they would have gained from it is pretty low.”
Reese added that it’s possible that a group was trying to make a statement with causing X outages, but added that such a temporary outage “is not much of a statement to me.”
“It’s only really a statement if there is some kind of follow on action, which I would not rule out at this point,” he said.
In March 2023 the social media platform then known as Twitter experienced a bevy of glitches for over an hour as links stopped working, some users were unable to log in and images were not loading for others.
“X outage” was trending on rival social media platform BlueSky, with some posts welcoming users to the site and urging them to stick around.
Musk bought the former Twitter in 2022 and also serves as the CEO of Tesla. He’s running X while simultaneously having access to U.S. government data systems — often wearing a shirt that says “tech support.”
