The social network X experienced interruptions on Monday, a situation owner Elon Musk attributed to a “massive cyber attack.” Musk said in an initial X post that the attack was carried out by “a large, coordinated group and/or a country.” Within a few hours, a pro-Palestinian group known as Dark Storm Team took credit for the attacks in a post on Telegram. Later on Monday, however, Musk claimed in an interview on Fox Business Network that the attacks came from Ukrainian IP addresses.
Web traffic analysis experts who observed the incident on Monday were quick to emphasize that the type of attacks X faced, distributed denial-of-service (DDoS) attacks, are launched by a coordinated army of computers, or a “botnet,” that floods a target with junk traffic. Botnets are typically spread all over the world, generating traffic from geographically diverse IP addresses, and they can include mechanisms that make it more difficult to determine where they are controlled from.
“It is important to admit that IP attribution is not conclusive. Attackers regularly use compromised devices, VPNs or proxy networks to obscure their true origin,” said Shawn Edwards, chief security officer of network connectivity firm Zayo.
X did not return Wired’s requests for comment on the attacks.
Several researchers told Wired that they observed five distinct attacks of varying length against X’s infrastructure, the first starting early Monday morning and the last coming on Monday afternoon.
The internet intelligence team at Cisco’s ThousandEyes told Wired in a statement: “During the disruptions, ThousandEyes observed network conditions that are characteristic of a DDoS attack, including significant traffic loss conditions that would hinder users from reaching the application.”
DDoS attacks are common, and virtually all modern internet services experience them regularly and must proactively defend themselves. As Musk put it on Monday, “we are attacked every day.” Why, then, did these DDoS attacks cause interruptions for X? Musk said it was because “it was done with a lot of resources,” but independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, were not properly secured behind the company’s DDoS protection and were publicly visible. As a result, attackers could target them directly. X has since secured the servers.
“The botnet attacked the IP and a lot more on that X subnet yesterday. It’s a botnet of cameras and DVRs,” says Beaumont.
A few hours after the final attack concluded, Musk said in an interview with Fox Business’ Larry Kudlow: “We’re not sure what happened, but there was a massive cyber attack to bring down the X system with IP addresses originating in the Ukraine area.”
Musk has repeatedly mocked Ukraine and its president, Volodymyr Zelensky, since Russia invaded its neighbor in February 2022. A major campaign donor to President Donald Trump, Musk is now head of the so-called Department of Government Efficiency, or DOGE, which has ruined the US federal government and its workforce in the weeks since Trump’s inauguration. Meanwhile, the Trump administration has recently warmed relations with Russia and moved away from its long-standing support for Ukraine. Musk was already involved in these geopolitics through another business he owns, SpaceX, which operates the satellite internet service Starlink, on which many Ukrainians rely.
DDoS traffic analysis can break down the fire hose of junk traffic in various ways, including by listing the countries that had the most IP addresses involved in an attack. But one researcher from a prominent firm, who requested anonymity because they were not authorized to talk about X, noted that they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the X attacks.
If Ukrainian IP addresses did contribute to the attacks, many researchers say that fact alone is not remarkable.
“What we can deduce from the IP data is the geographical distribution of traffic sources, which can provide insights into the botnet composition or infrastructure used,” says Edwards of Zayo. “What we can’t conclude with certainty is the real perpetrator’s identity or intention.”
Additional reporting by Zoë Schiffer.