Social network X suffered intermittent outages on Monday due to a series of distributed denial-of-service (DDoS) attacks. In an initial post, owner Elon Musk attributed the outages to a “massive cyberattack” perpetrated by either a large group or a country. However, in an interview later that day, Musk claimed the attacks came from Ukrainian IP addresses.
Experts say DDoS attacks are launched by coordinated groups of computers, known as botnets, which generate traffic from diverse IP addresses and can be difficult to track. “IP attribution alone is not conclusive,” says Shawn Edwards, chief security officer of Zayo. The internet intelligence team at Cisco’s ThousandEyes observed network conditions characteristic of a DDoS attack, including significant traffic loss.
DDoS attacks are common, but X’s outages may have been due to the attackers targeting unsecured origin servers. Experts point to evidence that these servers were not properly secured behind Cloudflare’s protection and were publicly visible, allowing attackers to target them directly.
Musk’s claim of Ukrainian involvement raises concerns about geopolitics and potential biases. If Ukrainian IP addresses did contribute to the attacks, it may be a matter of chance rather than intentional targeting. Experts say IP data can provide insights into botnet composition but not the actual perpetrator’s identity or intent.
The incident highlights the need for proactive defense against DDoS attacks, which are a common threat to modern internet services.
Source: https://www.wired.com/story/x-ddos-attack-march-2025