Elon Musk has revealed that the cyberattack which severely disrupted access to X (formerly Twitter) on Monday appears to have originated from IP addresses based in Ukraine.
In an interview with Fox Business Network, following the partial restoration of the platform’s functionality, Musk stated:
“We’re not exactly sure what happened, but there was a massive cyberattack aimed at taking down X, with IP addresses traced to the Ukrainian region.”
While investigations are still ongoing, Musk confirmed that the attack was significant in scale and seemed to involve substantial resources.
Hacker Group ‘Dark Storm’ Claims Responsibility
A hacker group known as Dark Storm has reportedly claimed responsibility for the attack. According to cybersecurity firm SpyoSecure, they spoke with the leader of Dark Storm, who revealed that a Distributed Denial-of-Service (DDoS) attack had been launched against the platform.
DDoS attacks are a form of cyberattack in which servers are overwhelmed with excessive traffic, rendering websites or services inaccessible to users. During the incident, many users reported being unable to load pages or perform standard functions on the X platform.
However, it’s important to clarify that Dark Storm is not confirmed to be based in Ukraine, despite the Ukrainian origin of some IP addresses involved. Experts caution that IP addresses can often be spoofed or rerouted, and may not reflect the true location of the attackers.
Musk Warns of Well-Resourced Attackers
Prior to the interview, Musk had posted on X about the ongoing issues, stating that the platform was under attack by cyber actors with access to significant resources.
He implied that the perpetrators could either be a well-coordinated hacker collective or potentially operating with state-level support.
“The nature of the attack suggests either a highly coordinated group or the involvement of a nation-state,” Musk noted.
The incident has raised fresh concerns about the cybersecurity of major social platforms, especially those with wide global influence. It also highlights the increasing frequency of cyber warfare tactics being deployed across digital spaces, often blurring the lines between criminal activity and political aggression.
Further updates are expected as the investigation continues and cybersecurity teams work to fully restore and secure the platform.
