- X suffered outages on Monday, March 10, due to a “mass cybernetic attack”
- CEO Elon Musk attributed it to “the IP addresses originally in the area of Ukraine”
- Security experts suggest that the true origin of the attack cannot be identified
TL;DR: What caused the outage?
Analysts believe that a distributed denial-of-service attack overloaded X's servers with fake traffic, cutting off access for genuine users. Due to the nature of the attack, it is not really possible to identify with certainty where it originated. The attackers used devices in several regions, routing traffic through a series of hijacked IP addresses.
The social media platform X, previously known as Twitter, suffered multiple outages on Monday, March 10. Thousands of X users in the US and the United Kingdom reported that they could not access the website throughout the day.
Speaking to Fox Business, owner Elon Musk attributed the outages to a “mass cybernetic attack” and said that “IP addresses originating in the Ukraine area” were behind it.
With problem reports peaking at 40,000 on Downdetector, the scale of the outage is not in doubt. It is the most significant service outage the platform has suffered in years, with the effects lasting several hours.
But now that the dust has settled, what exactly caused the outage? Here are the original theories, followed by the thoughts of cybersecurity experts …
The claim: Ukraine-based hackers were behind the X cyberattack
Following the X outage, question marks remain over its cause and who could be behind it.
Elon Musk took to X on Monday to share his belief that the attack had been carried out “with many resources.” He went on to assert that “a large and coordinated group and/or a country is involved”, followed by his subsequent comments on Fox Business that it came from “IP addresses originating in the Ukraine area.”
There was (still) a massive cyber attack against 𝕏. They attack us every day, but this was done with many resources. Either a large and coordinated group and/or a country is involved. Track … https://t.co/azso1a92No (March 10, 2025)
The hacking group Dark Storm Team briefly claimed responsibility on Telegram for the attack, although the post was later deleted.
Amid the uncertainty and finger-pointing, we have pieced together a clearer picture of what happened and unpacked Musk’s claims amid the ongoing geopolitical dispute with President Volodymyr Zelensky.
The reality: it is impossible to identify the real source of the X attack
Analysts across the web are broadly united in their understanding that X suffered a distributed denial-of-service (DDoS) attack on Monday. This is traditionally a fairly crude form of cyberattack. It floods a target's servers with illegitimate traffic, overwhelming their capacity and preventing real users from accessing the website in question.
Speaking on BBC Radio 4, Ciaran Martin, professor at the Blavatnik School of Government at the University of Oxford and former head of the United Kingdom's National Cyber Security Centre, described the technique as “not so sophisticated.”
Some experts suggest otherwise. David Mound, a senior penetration tester at a third-party risk management security platform, said in a statement that “DDoS attack tactics have evolved dramatically.” He pointed out that “the attackers now distribute traffic in entire subnets.”
That echoes comments from industry experts elsewhere. Several experts have stressed that DDoS attacks are generally orchestrated using a battalion of devices worldwide. Traffic tends to be generated from IP addresses distributed across different regions, which makes it difficult to determine exactly where the attack originated.
Speaking to Wired, Shawn Edwards, Security Director of Zayo, a network connectivity firm, said that “the attackers often use compromised devices, VPN or proxy networks to obfuscate their true origin.”
As a result, it is difficult to identify the real source of an attack. Even if the traffic came from IP addresses within a particular country, as Musk suggested, that does not mean that the threat actors were located in that country. In the words of Professor Martin, “it does not tell you absolutely anything.”
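An added example, not part of the original article: a Python illustration of why traffic spread across an entire subnet, as Mound describes, slips past a per-address counter but stands out once requests are aggregated by network prefix. The thresholds, prefix lengths and sample addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from collections import Counter


def flag_sources(requests, per_ip_limit, per_subnet_limit,
                 v4_prefix=24, v6_prefix=64):
    """Count one time window of source IPs per address and per subnet.

    Returns (flagged_ips, flagged_subnets), each a sorted list of the
    sources whose request count exceeds the matching limit.
    """
    ip_counts = Counter(requests)
    subnet_counts = Counter()
    for ip, hits in ip_counts.items():
        addr = ipaddress.ip_address(ip)
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        # strict=False masks the host bits, giving the enclosing network.
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        subnet_counts[str(net)] += hits
    flagged_ips = sorted(ip for ip, n in ip_counts.items() if n > per_ip_limit)
    flagged_subnets = sorted(s for s, n in subnet_counts.items()
                             if n > per_subnet_limit)
    return flagged_ips, flagged_subnets


def build_sample_window():
    """Constructed sample window using documentation address ranges."""
    # 200 hosts in one /24, 5 requests each: quiet individually, loud together.
    spread = [f"198.51.100.{h}" for h in range(1, 201) for _ in range(5)]
    # One noisy client that a per-address limit does catch.
    noisy = ["203.0.113.7"] * 40
    # Ordinary users: 30 hosts, 2 requests each.
    normal = [f"192.0.2.{h}" for h in range(1, 31) for _ in range(2)]
    return spread + noisy + normal


if __name__ == "__main__":
    ips, subnets = flag_sources(build_sample_window(),
                                per_ip_limit=20, per_subnet_limit=300)
    print("per-address view flags:", ips)
    print("per-subnet view flags: ", subnets)
```

Neither view says where the operators are: a flagged subnet only identifies the machines relaying the traffic.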
Wired also cited an anonymous researcher who said that none of the top 20 traffic sources involved in the attack was located in Ukraine. If correct, that would refute Musk’s statement regarding Ukrainian hackers. It seems that there is no evidence behind his statement that the IP addresses involved in the attack originated in Ukraine. Even if they did, that alone would not prove that a group in the country was actually involved in the attack.
That does not mean that a state actor cannot have been involved. Mound made it clear that “the nation-state actors are also using DDoS as part of the wider influence and interruption campaigns, particularly in geopolitical conflicts.”
Another question is how the attack could impact X so significantly. DDoS attacks are relatively common, and Musk himself posted on Monday that X is “attacked every day.” So why did this one take X down? Musk is keen to suggest that a very well-resourced group is behind it.
However, several independent analysts have identified that X's servers were not appropriately secured, leaving them publicly exposed to the attack. To quote Professor Martin, “it does not reflect well on his cyber security.”
Cybersecurity specialists warn of an increase in the frequency and complexity of DDoS attacks. In some cases, the attackers are “extorting business by threatening prolonged inactivity time,” says Mound. Others threaten “politically motivated interruptions against governments, financial institutions and infrastructure suppliers.”
Mound concludes: “With attackers continually refining their techniques, a proactive and adaptive security posture is essential to resist modern threats of DDoS.”