Multiple researchers have reported that X's infrastructure was targeted by five distinct distributed denial-of-service (DDoS) attacks on Monday. The initial attack commenced early in the morning, and the final assault concluded in the afternoon, causing intermittent outages for users throughout the day. Elon Musk, head of the Department of Government Efficiency (DOGE), attributed these disruptions to a "massive cyberattack," suggesting that the perpetrators could be "either a large, coordinated group and/or a country."
The attacks led to significant network traffic congestion, characteristic of DDoS attacks. These types of attacks involve a coordinated army of computers, known as a botnet, overwhelming a target with junk traffic to disrupt its operations. Web traffic analysis experts from Cisco's ThousandEyes observed network conditions indicative of a DDoS attack.
“During the disruptions, ThousandEyes observed network conditions that are characteristic of a DDoS attack, including significant traffic loss conditions which would have hindered users from reaching the application.” – The internet intelligence team at Cisco's ThousandEyes
Elon Musk made an initial post on X, claiming that the cyberattack had origins in the Ukraine area. However, a prominent research firm noted that Ukrainian IP addresses did not appear in the top 20 IP address origins related to the attacks. Researchers emphasized that even if Ukrainian IPs were involved, it wouldn't be particularly noteworthy.
“We're not sure exactly what happened, but there was a massive cyberattack to try to bring down the X system with IP addresses originating in the Ukraine area.” – Elon Musk
Shawn Edwards, chief security officer at Zayo, commented on the limitations of using IP data for attribution.
“It’s important to recognize that IP attribution alone is not conclusive. Attackers frequently use compromised devices, VPNs, or proxy networks to obfuscate their true origin.” – Shawn Edwards, chief security officer of the network connectivity firm Zayo
Some experts, including Kevin Beaumont, reported that a botnet composed of cameras and DVRs was directly targeting the IP addresses associated with X.
“The botnet was directly attacking the IP and a bunch more on that X subnet yesterday. It's a botnet of cameras and DVRs.” – Kevin Beaumont
Despite the lack of concrete evidence linking Ukraine to the attacks, Musk has previously mocked Ukraine and its president, Volodymyr Zelensky, in light of ongoing tensions since Russia's invasion in February 2022. This history adds a layer of complexity to Musk's assertions about the origin of the cyberattacks.
DOGE, under Musk's leadership, has been restructuring the US federal government and its workforce since President Trump's inauguration. The attacks on X appear as another challenge in an already tumultuous period for the social network.