More information is coming to light on the cyberattack that caused outages of the social media platform X (formerly Twitter) on Monday, but much of the information is difficult to verify.
There appear to have been several attack waves and tens of thousands of users have reported X outages, according to the DownDetector service. The disruptions were likely caused by distributed denial-of-service (DDoS) attacks.
As users reported being unable to access X, Elon Musk blamed the outages on a “massive cyberattack”.
“We get attacked every day, but this was done with a lot of resources,” Musk said. “Either a large, coordinated group and/or a country is involved.”
Musk later said on Fox Business that the incident was still being investigated, but noted that IP addresses involved in the attack originated in the Ukraine area.
However, Reuters learned from an unnamed source in the internet infrastructure industry that traffic from Ukraine was actually insignificant and that much of the traffic involved in the DDoS attacks came from IP addresses in the US, Vietnam and Brazil.
DDoS attacks are typically powered by compromised devices located across the world, which are instructed to send traffic to the targeted system in an effort to consume its resources and bring it down. The origin of DDoS attack traffic does not determine the location of the attacker.
In addition, threat actors continue to find ways to enhance the impact of DDoS attacks, and in many cases they don’t even need a very large number of bots to achieve their goal. In the fourth quarter of 2024, Cloudflare saw a record-breaking attack that peaked at 5.6 Tbps and was traced to only 13,000 unique IPs.
In the case of X, a threat group named Dark Storm Team has taken credit for the attack. Dark Storm Team claims to be a pro-Palestine hacktivist group which may have links to Russia.
According to Orange Cyberdefense, Dark Storm Team has been around since September 2023 and it has conducted a wide range of attacks, including ransomware, data theft and DDoS, both for financial gain and apparent ideological motives.
Other hacktivist groups, including ones affiliated with the Anonymous movement, have also claimed responsibility for the latest X outage.
However, it’s difficult to verify these claims and it’s not uncommon for hacktivists — or groups claiming to be hacktivists — to falsely take credit for major attacks or outages.
The lines between state-sponsored attacks, cybercrime operations and hacktivism are often blurred, with government-backed hackers and cybercriminals increasingly using hacktivist personas to achieve their goals.
X was previously targeted in a disruptive DDoS attack launched by Anonymous Sudan, a threat group whose members were recently charged in the US for developing and offering DDoS attack services.