Pointing finger at Ukraine after X outage is ‘dangerous’, cyber expert says

11 March 2025, 16:14

Elon Musk said there was a cyberattack on X (Kirsty Wigglesworth/PA)
AI safety summit. Picture: PA

Mr Musk said it was being targeted in a ‘massive cyberattack’ and that the attackers had ‘IP addresses originating in the Ukraine’.

It would be “dangerous to point the finger” at Ukraine after Elon Musk said X’s outage had links to the country, a cybersecurity expert said.

Mr Musk said the social media platform was being targeted in a “massive cyberattack”, telling Fox Business Network that the attackers had “IP addresses originating in the Ukraine area”.

Complaints about outages spiked around 11am UK time on Monday, and again four hours later, with more than 40,000 users reporting no access to the platform, according to tracking website Downdetector.com.

Jake Moore, global cybersecurity adviser at software security firm Eset, told the PA news agency that he is “confident” it was a distributed denial-of-service (DDoS) attack, which involves multiple IP addresses flooding a server or website with internet traffic.

He went on: “Unfortunately, X remains one of the most talked about platforms making it a typical target for hackers marking their own territory.

“All that can be done to future proof their networks is to continue to expect the unexpected and build even more robust DDoS protection layers.

“IP addresses can also be directed via software to be seen to have originated anywhere in the world.

“Therefore, even if their analysis suggests Ukraine, it would be dangerous to point the finger so early on.”

Mr Moore added that “simple analysis” of the IP addresses would point towards their location, but that this can be “tampered with” to make it seem that the origin is in a different country.

I am very surprised that X fell over as a result of a DDoS attack

Ciaran Martin

He said: “Without seeing the report of the investigation it would be difficult to agree with this accusation either way.”

Dan Card, a cyber expert from BCS – The Chartered Institute for IT, said: “The idea that someone can attribute this to Ukraine or the Ukraine area in that timeframe or at all – given the nature of DDoS/DoS attacks and architecture – is fantasy.”

He added: “It’s possible that Elon Musk is attributing it to Ukraine for political and business reasons, but Musk’s attribution statement is doubtful – based on the timeframe and source.”

The former chief executive of the National Cyber Security Centre (NCSC), Ciaran Martin, told BBC Radio 4’s Today programme that it was a “remarkable incident”.

Mr Martin said: “I am very surprised that X fell over as a result of a DDoS attack, it’s a very large-scale DDoS attack but it’s not that sophisticated, it’s a very old technique.”

He said that he could not think of an example of a company the size of X “falling over” due to a DDoS attack “for a very long time”, adding that it “doesn’t reflect well on their cybersecurity”.

Mr Martin said that Mr Musk’s claim that the attack had links to Ukraine was “wholly unconvincing based on the evidence so far” and “pretty much garbage”.

Hacktivism has resurged, with groups like Killnet and Anonymous Sudan launching politically motivated disruptions against governments, financial institutions, and infrastructure providers

David Mound

Toby Lewis, of cybersecurity firm Darktrace, said: “This appears to be a fairly standard DDoS attack on X – essentially an overwhelming amount of traffic designed to disrupt the service.

“Like all DDoS attacks, the effect is temporary, and so users to X this morning may well not spot anything wrong at all.

“Importantly, these sorts of attacks are almost always delivered by botnets. Globally distributed networks of computers that have been unknowingly recruited to take part in the attack – typically through some form of compromise or the use of malware.”

Meanwhile, David Mound, of third-party risk management platform SecurityScorecard, said: “Beyond technique evolution, DDoS motivations are shifting.

“Hacktivism has resurged, with groups like Killnet and Anonymous Sudan launching politically motivated disruptions against governments, financial institutions, and infrastructure providers.

“Meanwhile, ransom DDoS campaigns have increased, with attackers extorting businesses by threatening prolonged downtime.

“Nation-state actors are also employing DDoS as part of broader cyber influence and disruption campaigns, particularly in geopolitical conflicts.”

Mr Musk, who is acting as an adviser on federal spending to Donald Trump, previously said Ukrainian president Volodymyr Zelensky is running a “fraud machine feeding off the dead bodies of soldiers”, suggesting limited appetite for continued American support for Ukraine.

The Tesla CEO bought the site, formerly Twitter, in 2022.

By Press Association

More Technology News

See more More Technology News

People ride an upward escalator next to the Dior store at the Icon Siam shopping mall on June 12, 2024 in Bangkok, Thailand.

Luxury fashion giant Dior latest high-profile retailer to be hit by cyber attack as customer data accessed

A plane spotter with binoculars from behind watching a British Airways plane landing

‘Flying taxis’ could appear in UK skies as early as 2028, minister says

Apple App Store

Take on Apple and Google to boost UK economy, think tank says

A survey of more than 1,000 employers found that around one in eight thought AI would give them a competitive edge and would lead to fewer staff.

One in three employers believe AI will boost productivity, research finds

Hands on a laptop showing an AI search

One in three employers believe AI will boost productivity, research finds

Music creators and politicians take part in a protest calling on the Government to ditch plans to allow AI tech firms to steal their work without payment or permission opposite the Houses of Parliament in London.

Creatives face a 'kind-of apocalyptic moment’ over AI concerns, minister says

Ngamba Island Chimpanzee Sanctuary on Lake Victoria, Uganda

Chimps use medicinal plants to treat each other's wounds and practice 'self-care' as scientists hail fascinating discovery

Close up of a person's hands on the laptop keyboard

Ofcom investigating pornography site over alleged Online Safety Act breaches

The Monzo app on a smartphone

Monzo customers can cancel bank transfers if they quickly spot an error

Co-op sign

Co-op to re-stock empty shelves as it recovers from major hack

The study said that it was often too easy for adult strangers to pick out girls online and send them unsolicited messages.

Social media platforms are failing to protect women and girls from harm, new research reveals

Peter Kyle leaves 10 Downing Street, London

Government-built AI tool used to cut admin work for human staff

In its last reported annual headcount in June 2024, Microsoft employed 228,000 full-time workers

Microsoft axes 6,000 jobs despite strong profits in recent quarters

Airbnb logo

Airbnb unveils revamp as it expands ‘beyond stays’ to challenge hotel sector

A car key on top of a Certificate of Motor Insurance and Policy Schedule

Drivers losing thousands to ghost broker scams – the red flags to watch out for

Marks and Spencer cyber attack

M&S customers urged to ‘stay vigilant’ for fraud after data breach confirmed