- X suffered outages on Monday 10 March due to a “massive cyberattack”
- CEO Elon Musk attributed it to “IP addresses derived from the Ukraine area”
- Security experts suggest that the true origin of the attack cannot be identified
TL;DR: What caused the outage?
Analysts believe that a distributed denial-of-service attack overloaded X’s servers with fake traffic, interrupting access for real users. Due to the nature of the attack, it is not really possible to identify with certainty where it originated. Hackers used devices in several regions and routed traffic through a number of hijacked IP addresses.
The social media platform X, formerly known as Twitter, suffered several outages on Monday 10 March. Thousands of X users in both the US and the UK reported that they could not access the site throughout the day.
Speaking to Fox Business, owner Elon Musk attributed the outages to a “massive cyberattack” and claimed that “IP addresses derived from the Ukraine area” were behind it.
With reported problems peaking at 40,000 on Downdetector, the extent of the outage is in no doubt. It is the most significant interruption of service that the platform has suffered for years, with the effects of the outages lasting for several hours.
But now that the dust has settled, what exactly caused the outage? Here are the original theories, followed by the thoughts of cybersecurity experts …
Allegation: Ukraine-based hackers were behind the X cyberattack
In the wake of the X outage, the question arose of its cause, and of who might be behind it.
Elon Musk took to X on Monday to share his belief that the attack had been performed “with a lot of resources”. He went on to claim that “either a large, coordinated group and/or a country is involved”, followed by his later comments on Fox Business that it came from “IP addresses derived from the Ukraine area”.
There was (still is) a massive cyberattack against 𝕏. We are attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country involved. Tracking … https://t.co/azso1a92no (March 10, 2025)
The hacking group Dark Storm Team briefly claimed responsibility for the attack on Telegram, although the post was later deleted.
From the uncertainty and the clues available, we have gathered a clearer picture of what happened and deciphered Musk’s claims, which come in the midst of the ongoing geopolitical spat with President Volodymyr Zelensky.
Reality: It is impossible to find the real source of the X attack
Analysts across the web are broadly united in their understanding that X suffered a distributed denial-of-service (DDoS) attack on Monday. This is traditionally quite a crude form of cyberattack. It floods a target’s servers with illegitimate traffic, overwhelming their capacity and preventing real users from accessing the site.
Ciaran Martin, a professor at Oxford University’s Blavatnik School of Government and former head of the UK’s National Cyber Security Centre, spoke with BBC Radio 4’s Today programme.
Some experts suggest otherwise. David Mound, senior penetration tester at third-party risk management platform SecurityScorecard, said in a statement that “DDoS attacks have evolved dramatically”. He pointed out that “attackers are now distributing traffic across the entire Undernet”.
This echoes comments from industry insiders elsewhere. Several experts have emphasized that DDoS attacks are usually orchestrated using a battalion of devices across the globe. Traffic tends to be generated from IP addresses that are distributed over different regions, making it difficult to establish exactly where the attack originated.
Speaking to Wired, Shawn Edwards, chief security officer at Zayo, a network connectivity company, said that “attackers often use compromised devices, VPNs or proxy networks to obscure their true origin.”
As a result, it is difficult to find the real source of an attack. Even if the traffic came from IP addresses in a particular country, as Musk suggested, it does not mean that the attackers were located in that country. In Professor Martin’s words, “it tells you absolutely nothing.”
Incidentally, Wired also cited an anonymous researcher who said that none of the top 20 traffic sources involved in the attack were located in Ukraine. If correct, that would disprove Musk’s statement about Ukrainian hackers. There seems to be some proof behind his claim that IP addresses involved in the attack are from Ukraine. Even if they were, that alone would not be proof that any group in the country was actually involved in the attack.
That is not to say that a state actor could not be involved. Mound made it clear that “nation-state actors also employ DDoS as part of wider cyber influence and disturbance campaigns, especially in geopolitical conflicts”.
Another question is how the attack was able to affect X so significantly. DDoS attacks are relatively common, with Musk himself posting on Monday that X is “attacked every day”. So why did this one bring down X? Musk is eager to suggest that a heavily resourced group is behind it.
However, a number of independent analysts have identified that X’s servers were not properly secured, leaving them publicly exposed to the attack. To quote Professor Martin again, “it does not reflect well on their cyber security.”
Cyber specialists warn of an increase in the regularity and complexity of DDoS attacks. In some cases, attackers are “blackmailing companies by threatening long-term downtime,” says Mound. Others threaten “politically motivated disruptions to governments, financial institutions and infrastructure providers.”
Mound concludes: “With attackers constantly refining their techniques, a proactive, adaptive safety position is important to resist modern DDoS threats.”