Following a series of outages that affected X (formerly Twitter) users on Monday, Elon Musk took to social media to accuse the platform of being the target of a “massive cyberattack.”
“We are attacked daily, but this attack was particularly well-resourced,” Musk stated in his post. “It appears to involve either a large, coordinated group or possibly a nation-state.”
Later that day, during an appearance on Kudlow on Fox Business, Musk elaborated, mentioning that the cyberattack’s IP addresses seemed to originate from the Ukraine region, though he did not provide further details.
However, cybersecurity experts were quick to challenge Musk’s assertion. They pointed out that just because IP addresses appear to come from Ukraine doesn’t mean the attack originated there.
Security researcher Kevin Beaumont explained on Bluesky that Musk’s claim overlooked the fact that the IP addresses involved were global, not restricted to Ukraine. Beaumont identified the attack as likely involving a Mirai variant botnet, which typically uses compromised internet-connected devices, like cameras.
Allan Liska, a cybersecurity expert at Recorded Future, also weighed in, suggesting that even if all IP addresses traced back to Ukraine (which he found unlikely), it would still be more plausible that these were compromised devices controlled by a botnet, which could be managed from anywhere in the world.
X Users Report Widespread Outages
Reports of outages on X began early Monday, with spikes in complaints at 6 a.m. ET and again at 10 a.m. ET, as more than 40,000 users found themselves unable to access the platform, according to Downdetector.com. The outage continued intermittently, peaking again around noon ET, particularly affecting users on the U.S. coasts.
Of the reported issues, 56% were related to the X app, while 33% concerned the website.
Experts Cast Doubt on State Actor Involvement
Nicholas Reese, a cyber operations expert and adjunct instructor at New York University, expressed skepticism about Musk’s theory involving state actors. Reese noted that the short duration of the outages made it unlikely that a state-sponsored attack was responsible—unless it was intended as a warning of something larger.
Reese explained that cyberattacks typically fall into two categories: loud, disruptive attacks, and quieter, more subtle ones. He suggested that this incident seemed designed to be discovered, a characteristic that generally rules out state-sponsored activity. According to Reese, a state actor would likely seek more substantial, long-term impacts, making this type of attack an unlikely candidate for such involvement.
While Reese did acknowledge the possibility of a group trying to send a message by targeting X, he pointed out that a brief outage wouldn’t make much of a statement unless followed by further action.
This isn’t the first time X (formerly Twitter) has experienced significant technical issues. In March 2023, the platform faced a series of glitches that lasted over an hour, disrupting functionality such as links, logins, and image loading.
Since Musk’s acquisition of the platform in 2022, X has been navigating various challenges under his leadership. Musk, who is also CEO of Tesla and SpaceX, is known for his unorthodox approach to tech and governance, frequently making waves with his statements and actions, including serving as an adviser to the Trump administration on government efficiency.
