Security researchers are speculating that the X (formerly Twitter) outage that affected users around the world this week was not the result of a Ukrainian cyber attack, as the platform’s owner Elon Musk suggested.
Yesterday (12 March), Musk announced that outages on his social media platform X (formerly Twitter) were the result of a cyber attack.
Musk said the cyber attack was one that came from a source with a lot of capability and suggested that it may be from either an established hacking group or a nation-state actor.
Musk added that X was “tracing” the source of the attack. Speaking with Fox News, he claimed that the cyber attack came from IP addresses in Ukraine.
However, security researchers quickly concluded that the distributed denial-of-service (DDoS) attack came from a botnet of compromised devices, meaning the attack could have originated anywhere in the world.
Now, speaking with WIRED, independent security researcher Kevin Beaumont and other analysts have suggested that some of X’s origin servers were not secured.
For context, a DDoS attack is when a malicious actor overwhelms a server with requests, making it crash or become unusable.
In the case of X, Beaumont believes that its origin servers were not secured behind the platform’s Cloudflare DDoS protection and were thus visible, so malicious actors could target them directly and easily overwhelm them without the huge resources Musk claims would be needed.
Additionally, an anonymous researcher who analysed the DDoS traffic to identify its sources and the countries with the most IP addresses found that Ukraine was not even in the top 20 IP address locations for the X attack.
Recorded Future’s Allan Liska said that even if “every IP address that hit Twitter today originated from Ukraine, they were most likely compromised machines controlled by a botnet run by a third party that could be located anywhere in the world”.
Furthermore, the cyber attack was claimed by the Dark Storm hacking group, which refers to itself as a hacktivist operation.
In a post to BlueSky, a user by the name of “Puck Arts” said that a pro-Palestinian hacktivist group claimed the X outage.
“#DarkStorm has confirmed that the DDOS attack against Twitter will continue throughout the day as a protest against Musk and Trump,” said the user, adding that the outages were to last at least four more hours.
“Due to Elon Musk’s and Donald Trump’s blatant fascism and lack of humanity we as a digital army for the people will continue our peaceful DDOS protests against X formerly known as Twitter. Thank you for your love and support,” the user said in another post.
Speaking with Cyber Daily, Andy Thompson, a senior cyber researcher at CyberArk Labs, said that even when a threat group claims an attack, it is still not enough to identify the culprit.
“Cyber attacks today resemble crime scenes with multiple fingerprints, as hacktivist groups, cyber criminals, and nation-states are all working in parallel or jockeying for credit,” said Thompson.
“Claiming responsibility is easy, but proving who’s behind it is far more difficult. And when multiple actors rush to take credit, one thing becomes clear: the real objective is disruption itself, not just the message.”
That being said, sources from X speaking to The Verge have said that a cyber attack occurred. One source “confirmed” that there was no DDoS attack, while another said there was a “99 per cent” chance that Musk lied about the cyber attack.