Musk blames Ukrainians for cyberattack on X. Experts aren’t convinced.
POLITICO - Tuesday, March 11, 2025Cybersecurity experts including the United Kingdom’s former cybersecurity chief are pouring cold water over Elon Musk’s suggestion that a large-scale cyberattack on his social media site X came from Ukraine.
Musk on Monday said X had been deluged by a “massive cyberattack” involving “either a large, coordinated group and/or a country.” The tech mogul and close ally of United States President Donald Trump later told the Fox Business channel that “there was a massive cyberattack to try to bring down the X system, with IP addresses originating in the Ukraine area.”
But cybersecurity experts were quick to push back.
“What Mr. Musk has said is wholly unconvincing based on the evidence so far. It’s pretty much garbage,” Ciaran Martin, a former chief executive of the United Kingdom’s cybersecurity agency, who now teaches at Oxford University, told the BBC on Tuesday morning.
The cyberattack on X impacted users since at least Monday morning and destabilized many features on the website, such as viewing posts and user profiles. Musk’s statements and cybersecurity experts’ observations suggest it was a so-called distributed-denial-of-service attack (DDoS), which involves pointing an overwhelming amount of traffic at a website to bring it down.
In a DDoS attack, the origin of IP addresses is largely irrelevant: The attacks come from networks of electronic devices spread across the world, called “botnets,” that direct the traffic to a targeted website.
Martin said that could mean some of those devices were from Ukraine, but “some of them will be from Russia, some will be from Britain, from the U.S., South America, everywhere. It tells you absolutely nothing.”
Dmitry Budorin, founder of Ukrainian cybersecurity firm Hacken, said on X that DDoS attacks “botnets use hijacked devices worldwide, and the IP addresses seen in the attack traffic are just those of the infected machines, not the masterminds.”
Reuters reported an industry source saying the amount of traffic coming from Ukraine appeared “insignificant.”
A pro-Palestinian group called Dark Storm claimed responsibility for the attack on its Telegram channel. Cybersecurity researchers at Check Point Research, which has been tracking the group, told POLITICO the Dark Storm group had appeared to show proof that it had carried out the attack — but a spokesperson for Check Point warned that attribution “remains complex.”
The cyberattacks on Monday came after days of organized protests and vandalism at industry sites of Musk’s car company Tesla, directly targeting the world’s richest man’s business interests in protest of his role spearheading massive cuts to government departments.
Musk has also clashed with Ukraine’s government in recent weeks, including in an ongoing spat about Kyiv’s use of his satellite network Starlink.
Lukasz Olejnik, a cybersecurity consultant and visiting senior research fellow at King’s College London, said “multiple scenarios should be considered” when analyzing Musk’s response, “including a potential false-flag operation, perhaps trying to blame Ukraine.”
“In realistic terms, such a DDoS should not become a world-impacting event. But the figure of Musk and his importance in current U.S. politics changes the outlook,” Olejnik said.