Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims

The social media platform X, formerly known as Twitter, suffered multiple outages on Monday, March 10, 2025, leaving thousands of users in both the US and the UK unable to access the website. The outage was attributed to a "massive cyberattack" by owner Elon Musk, who claimed that "IP addresses originating in the Ukraine area" were behind it. But are these claims supported by evidence?

The Claim: Ukraine-Based Hackers Were Behind the X Cyberattack

In the aftermath of the X outage, question marks remain over its cause – and who might be behind it. Elon Musk took to X on Monday to share his belief that the attack had been carried out "with a lot of resources". He went on to claim that "either a large, coordinated group and/or a country is involved", followed by his later statement on Fox Business that it came from "IP addresses originating in the Ukraine area".

The Reality: It's Impossible to Pinpoint the Real Source of the X Attack

Analysts across the web are broadly united in their understanding that X suffered a distributed denial-of-service (DDoS) attack on Monday. This is traditionally quite a crude form of cyberattack. It floods a target’s servers with illegitimate traffic, overwhelming their capacity and preventing real users from accessing the website in question.

However, due to the nature of the attack, it's not really possible to identify with certainty where it originated. Hackers used devices in several regions, routing traffic through a number of hijacked IP addresses. As cybersecurity expert Shawn Edwards pointed out, "attackers frequently use compromised devices, VPNs, or proxy networks to obfuscate their true origin."

Why Can't We Know for Sure?

Several experts have highlighted that DDoS attacks are usually orchestrated using a battalion of devices around the globe. Traffic tends to be generated from IP addresses distributed across different regions, making it hard to pinpoint exactly where the attack originated.

In fact, an anonymous researcher quoted in Wired stated that none of the top 20 traffic sources involved in the attack were located in Ukraine. If correct, that would disprove Musk's statement regarding Ukrainian hackers.

The Real Reason Behind the Outage

So, what really caused the outage? Experts point to X's servers not being properly secured as a major contributor to the attack. As Ciaran Martin, professor at Oxford University's Blavatnik School of Government and former head of the UK's National Cyber Security Centre, said, "it doesn't reflect well on their cyber security." This lack of security left X's servers publicly exposed to the attack.

The Future of DDoS Attacks

Cyber specialists are warning of an increase in the regularity and complexity of DDoS attacks. As David Mound, Senior Penetration Tester at third-party risk management platform SecurityScorecard, noted, "attackers now distribute traffic across entire subnets." This means that attackers can generate traffic from a large number of IP addresses, making it even harder to detect and defend against.

Mound concluded: "With attackers continually refining their techniques, a proactive, adaptive security posture is essential to withstand modern DDoS threats."
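To see why traffic spread across a subnet is harder to detect, the sketch below (an added illustration, not from the article or the experts it quotes) counts requests per source IP and then per /24 network over a constructed one-minute sample. The addresses, request counts and both thresholds are assumptions chosen for the demonstration.

```python
import ipaddress
from collections import Counter

PER_IP_LIMIT = 500       # assumed per-address threshold (requests per minute)
PER_SUBNET_LIMIT = 2000  # assumed per-network threshold (requests per minute)

def build_sample():
    """Constructed window of (source IP, request count); RFC 5737 test ranges."""
    window = [("203.0.113.7", 900)]                             # one noisy source
    window += [(f"198.51.100.{h}", 40) for h in range(1, 201)]  # 200 quiet hosts
    window += [("192.0.2.10", 35), ("192.0.2.77", 20)]          # ordinary clients
    return window

def flag_by_ip(window, limit=PER_IP_LIMIT):
    """Classic per-address rate check: flags only individually loud sources."""
    counts = Counter()
    for ip, n in window:
        counts[ip] += n
    return {ip for ip, n in counts.items() if n > limit}

def flag_by_subnet(window, limit=PER_SUBNET_LIMIT, v4_prefix=24, v6_prefix=64):
    """Aggregate by covering network so many quiet hosts add up to one signal.

    Returns {network: (total requests, distinct source addresses)}.
    """
    totals = Counter()
    sources = {}
    for ip, n in window:
        addr = ipaddress.ip_address(ip)
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        totals[net] += n
        sources.setdefault(net, set()).add(addr)
    return {str(net): (total, len(sources[net]))
            for net, total in totals.items() if total > limit}

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP flags:    ", flag_by_ip(sample))
    print("per-subnet flags:", flag_by_subnet(sample))
```

In the sample, no host in 198.51.100.0/24 comes near the per-address limit, yet together they send far more traffic than the single loud source. Neither view says anything about who controls the sending machines, which is the attribution problem the experts describe.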

The Takeaway

While Elon Musk's claims about the X cyberattack may have some basis in reality, they are likely exaggerated. The true cause of the outage had more to do with X's lack of proper security measures than with a heavily resourced group or country.

As we move forward, it's clear that DDoS attacks will continue to become more complex and sophisticated. It's essential for companies like X to prioritize their cyber security posture to prevent such incidents in the future.