- X suffered outages on Monday, March 10, due to a “massive cyber attack”
- CEO Elon Musk has attributed it to “IP addresses from the Ukraine region”
- Security experts suggest that the real origin of the attack cannot be identified
TL;DR: what caused the outage?
Analysts believe that a distributed denial-of-service (DDoS) attack overloaded X's servers with fake traffic, interrupting access for genuine users. Due to the nature of the attack, it is not really possible to identify with certainty where it came from. The attackers used devices in several regions, routing traffic through a number of diverted IP addresses.
The social media platform X, formerly known as Twitter, suffered several outages on Monday, March 10. Thousands of X users in the United States and the United Kingdom reported problems accessing the website throughout the day.
Speaking to Fox Business, owner Elon Musk attributed the outages to a “massive cyber attack” and said that “IP addresses from the Ukraine region” were behind it.
With reported problems peaking at 40,000 on Downdetector, the scale of the outage is not in doubt. It is the most significant service interruption the platform has suffered in years, with the effects lasting several hours.
But now that the dust has settled, what exactly caused the outage? Here are the original theories, followed by the thoughts of cybersecurity experts…
The claim: hackers based in Ukraine were behind the X cyberattack
In the aftermath of the X outage, question marks remain over its cause, and over who could be behind it.
Elon Musk took to X on Monday to share his conviction that the attack had been carried out “with a lot of resources”. He went on to claim that “a large coordinated group and/or a country is involved”, followed by his later comments on Fox Business that it came from “IP addresses from the Ukraine region”.
There was (always) a massive cyber attack against 𝕏. We are attacked every day, but it has been done with a lot of resources. A large coordinated group and/or a country is involved. Traced… https://t.co/azso1a92no (March 10, 2025)
The hacking group Dark Storm Team briefly claimed responsibility for the attack on Telegram, although the post was later deleted.
Amid the uncertainty and finger-pointing, we have pieced together a clearer picture of what happened and unpacked Musk’s assertions against the ongoing geopolitical backdrop involving President Volodymyr Zelensky.
The reality: it is impossible to determine the real source of the X attack

Web analysts are largely united in their understanding that X suffered a distributed denial-of-service (DDoS) attack on Monday. It is traditionally a fairly crude form of cyber attack. It floods a target's servers with illegitimate traffic, overwhelming their capacity and preventing real users from accessing the website in question.
Speaking on BBC Radio 4's Today programme, Ciaran Martin, professor at the Blavatnik School of Government at the University of Oxford and former head of the United Kingdom's National Cyber Security Centre, described the technique as “not so sophisticated”.
Some experts suggest otherwise. David Mound, senior penetration tester at a third-party risk management platform, said in a press release that “DDoS attack tactics have evolved dramatically”. He stressed that “the attackers are now distributing traffic on whole subnets”.
This echoes comments from industry insiders elsewhere. Several experts have stressed that DDoS attacks are generally orchestrated using a battalion of devices around the world. Traffic tends to be generated from IP addresses distributed across different regions, which makes it difficult to determine exactly where the attack comes from.
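Added illustration, not part of the original article: a per-window traffic summary that counts requests by /24 subnet as well as by single address, showing how traffic spread across a subnet stays under a per-address threshold while the subnet total stands out. The thresholds, the /24 grouping and the sample traffic (built from documentation address ranges) are assumptions constructed for this example.

```python
import ipaddress
from collections import Counter, defaultdict

PER_IP_LIMIT = 100       # assumed: max requests per window from one address
PER_SUBNET_LIMIT = 1000  # assumed: max requests per window from one /24


def build_sample_window():
    """Constructed sample: (source_ip, requests) pairs seen in one window."""
    window = [(f"198.51.100.{h}", 40) for h in range(1, 201)]  # spread across a /24
    window.append(("203.0.113.7", 500))                        # one noisy host
    window += [(f"192.0.2.{h}", 5) for h in range(1, 31)]      # ordinary users
    return window


def flag_sources(window, prefix_len=24):
    """Return (hot_ips, hot_nets) exceeding the per-IP and per-subnet limits."""
    per_ip = Counter()
    per_net = Counter()
    members = defaultdict(set)
    for ip, requests in window:
        # Map each source address to its enclosing network, e.g. 198.51.100.0/24
        net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        per_ip[ip] += requests
        per_net[net] += requests
        members[net].add(ip)
    hot_ips = sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT)
    # For each hot subnet keep (total requests, number of distinct sources)
    hot_nets = {net: (n, len(members[net]))
                for net, n in per_net.items() if n > PER_SUBNET_LIMIT}
    return hot_ips, hot_nets


if __name__ == "__main__":
    ips, nets = flag_sources(build_sample_window())
    print("over per-IP limit:", ips)
    for net, (total, hosts) in nets.items():
        print(f"over per-subnet limit: {net} {total} requests from {hosts} hosts")
```

A flagged subnet shows where traffic entered from, not who directed it, which is the attribution limit the experts quoted here describe.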
Speaking to Wired, Shawn Edwards, security director at Zayo, a network connectivity company, said that “attackers frequently use compromised devices, VPNs or proxy networks to obscure their real origin.”
As a result, it is difficult to determine the real source of an attack. Even if traffic came from IP addresses in a particular country, as Musk suggested, this does not mean that the attackers were located in that country. In the words of Professor Martin, it “tells you absolutely nothing”.

Incidentally, Wired also cited an anonymous researcher who said that none of the 20 main sources of traffic involved in the attack was located in Ukraine. If correct, this would refute Musk’s statement about Ukrainian hackers. There seems to be no evidence behind his assertion that the IP addresses involved in the attack came from Ukraine. Even if they did, that alone would not be proof that a group in the country was actually involved in the attack.
This does not mean that a state actor could not be involved. Mound made clear that “nation-state actors also use DDoS in the context of wider campaigns of cyber-influence and disruption, in particular in geopolitical conflicts”.
Another question is how the attack was able to affect X so significantly. DDoS attacks are relatively common, with Musk himself posting on Monday that X is “attacked every day”. So why did this one take X down? Musk wants to suggest that a highly resourced group is behind it.
However, a number of independent analysts have found that X's servers were not properly secured, leaving them publicly exposed to the attack. To quote Professor Martin again, this “does not reflect well on their cybersecurity”.
Cybersecurity specialists warn of an increase in the frequency and complexity of DDoS attacks. In some cases, the attackers “extort the companies by threatening prolonged downtime,” explains Mound. Others threaten “politically motivated disruptions against governments, financial institutions and infrastructure providers”.
Mound concludes: “With the attackers continuously refining their techniques, a proactive and adaptive security posture is essential to withstand modern DDoS threats.”




