Update, March 12, 2025: This story, originally published March 11, has been updated with additional insight from multiple security experts regarding the DDoS attack against Elon Musk’s X social media platform.
Cyberattacks take many different forms, and while PayPal scam campaigns and infostealer malware pop up with alarming regularity, distributed denial of service attacks can cause absolute chaos when the target is something like Elon Musk’s X social media platform.
X Cyberattack Latest Developments
After the X social media platform, formerly known as Twitter, suffered multiple outages on March 10, Elon Musk was quick to pin the blame on a “massive cyberattack” and opined that either a “large, coordinated group and/or a country is involved.” Now, a new prime suspect has emerged as the pro-Palestinian hacktivist collective known as Dark Storm claims responsibility for taking X down. How this ties in with Musk telling Larry Kudlow during a Fox Business Network interview that the attack had been traced to “IP addresses originating in the Ukraine area” remains unclear.
Dark Storm, however, is known to use tactics that are very similar to a Russia-linked group called KillNet, which also had a history of attacking western targets, and Ukraine supporting organizations, before becoming a more mainstream attackers-for-hire service. Dark Storm itself was first observed in 2023 and has attacked NATO countries, Israel and the U.S. with large-scale DDoS campaigns as well as ransomware attacks.
Dark Storm claimed responsibility for the X cyberattack in its Telegram channel. “Twitter has been taken offline by Dark Storm Team,” it posted using the old name for X as, one assumes, a sign of defiance against Musk. The group also shared screenshots from Check Host, which is often used by DDoS attack groups to prove that an attack is happening as it illustrates site availability from multiple global servers.
Oded Vanunu, chief technologist and head of product vulnerability at Check Point, said, “the resurgence of Dark Storm Team highlights the growing cyber threat against major online platforms and critical infrastructure. For users, this means potential service disruptions, downtime, and limited access to essential websites and apps.”
What the Check Host screenshots, or indeed the Telegram postings, cannot do is prove that Dark Storm is actually behind the X denial of service attacks. This is a developing story and will be updated as more facts emerge.
Attributing Cyberattacks Is Inherently Complex, Security Experts Say Of X DDoS
Attributing cyberattacks to a specific nation, or even a particular group, is inherently complex. Multiple security experts who have reached out to me in the wake of the attack on X have agreed. “DDoS attacks are a common tactic and even offered as a service,” Chad Cragle, chief information security officer at Deepwatch, said, “definitive attribution requires thorough forensic analysis that goes beyond basic IP tracing.” The fact that Dark Storm has claimed responsibility for the attack shouldn’t be considered definitive proof either, according to Cragle. The actual cause of the X outages will require independent verification, and that’s not going to be easy without direct access to the targeted infrastructure, in this case X itself. “The evidence from X and from the attackers claiming credit appears very limited,” J Stephen Kowski, field chief technology officer at SlashNext Email Security+, said. Whatever, according to Tom Parker, chief technology officer at NetSPI, “the magnitude of this incident strongly suggests the involvement of a sophisticated threat actor,” be that nation-state or hacktivist in nature. “We must acknowledge that attributing an attack of this scale is notoriously difficult,” Parker concluded, “precisely because such adversaries are highly adept at concealing their tracks.” One thing that Parker was very clear about is that we should all be “extremely cautious about pointing fingers and sabre rattling without clear and compelling evidence to demonstrate capability, motive, and likely benefit for the party involved.”