X hit by 'massive cyberattack' amid Dark Storm's DDoS claims
by Lawrence Abrams · BleepingComputer
Updates added to the end of the article.
The Dark Storm hacktivist group claims to be behind DDoS attacks that caused multiple worldwide X outages on Monday, leading the company to enable DDoS protections from Cloudflare.
While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that they were caused by a "massive cyberattack."
"There was (still is) a massive cyberattack against X," Musk posted on X.
"We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved. Tracing ..."
Dark Storm is a pro-Palestinian hacktivist group that launched in 2023 and has previously targeted organizations in Israel, Europe, and the US.
Today, the group posted to their Telegram channel that they were conducting DDoS attacks against Twitter, sharing screenshots and links [1, 2] to the check-host.net site as proof of the attack.
Check-host.net is a website that allows visitors to check the availability of a website from different servers throughout the world. The website is commonly used during DDoS attacks to show that an attack is taking place.
X is now being protected by the DDoS-protection service Cloudflare, which shows a captcha when suspicious IP addresses connect to the site or when a single IP address generates too many requests.
The help.x.com section of the site currently displays a Cloudflare captcha for all requests.
[Image: Cloudflare captcha shown on help.x.com. Source: BleepingComputer]
Hacktivists have demonstrated time and time again their ability to disrupt massive technology platforms using botnets and other resources.
In 2024, the United States indicted two Sudanese brothers for the suspected operation of the Anonymous Sudan hacktivist group.
Anonymous Sudan successfully took down the websites and APIs of some of the largest technology firms, including Cloudflare, Microsoft, and OpenAI, disrupting services for many worldwide.
Update 3/11/25: Elon Musk told Fox Business yesterday that the cyberattack against X involved IP addresses originating from Ukraine.
"We are not sure exactly what happened but there was a massive cyberattack to try and bring down the X system, with IP addresses originating in the Ukraine area," Musk said in the interview.
However, the Dark Storm threat actors, who claimed to be behind the attack, denied any connection to Ukraine in a statement posted yesterday.
"Elon Musk claims the cyberattack on X originated from Ukraine. This is an accusation without evidence. We have no ties to Ukraine," the group posted on Telegram.
When conducting DDoS attacks, threat actors typically utilize low-cost hosting providers or malware botnets composed of compromised computers and devices in many different countries. These infected devices are then used to generate a surge of traffic aimed at overwhelming a targeted website, rendering it unresponsive.
BleepingComputer reached out to X for confirmation on whether the attack involved only Ukrainian IP addresses or if devices from other countries were also used. As of now, the company has not responded.
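The following is an added sketch, not code from BleepingComputer, X, or Cloudflare, of the per-IP request threshold described earlier, run on constructed traffic. The window, limit, IP addresses, and country labels are assumptions; it shows that a per-IP rule flags one noisy client while many low-rate sources appear only in the aggregate count, and that a per-country tally reflects where the source devices sit.

```python
from collections import defaultdict, deque

WINDOW = 10        # seconds; assumed value for illustration
PER_IP_LIMIT = 5   # requests per window per IP; assumed value

def challenged_ips(events, window=WINDOW, limit=PER_IP_LIMIT):
    """IPs that send more than `limit` requests within any `window` seconds.

    `events` is a list of (timestamp_seconds, ip) sorted by timestamp.
    """
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:   # drop requests that left the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

def peak_aggregate(events, window=WINDOW):
    """Highest request count from all sources combined in any window."""
    q, peak = deque(), 0
    for ts, _ in events:
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak

def sources_by_country(events, geo):
    """Distinct source IPs per country label from a GeoIP-style lookup."""
    seen = defaultdict(set)
    for _, ip in events:
        seen[geo.get(ip, "unknown")].add(ip)
    return {country: len(ips) for country, ips in seen.items()}

# Constructed sample traffic: documentation IP ranges, placeholder country codes.
NOISY = "192.0.2.10"
DISTRIBUTED = [f"198.51.100.{i}" for i in range(1, 31)]
EVENTS = sorted(
    [(n * 0.5, NOISY) for n in range(20)]                        # 1 client, 20 requests
    + [(t, ip) for ip in DISTRIBUTED for t in (1.0, 4.0, 7.0)]   # 30 clients, 3 each
)
GEO = {NOISY: "AA",
       **{ip: ("AA", "BB", "CC")[i % 3] for i, ip in enumerate(DISTRIBUTED, 1)}}

if __name__ == "__main__":
    print("challenged:", challenged_ips(EVENTS))
    print("peak requests per window:", peak_aggregate(EVENTS))
    print("sources by country:", sources_by_country(EVENTS, GEO))
```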
Update 3/11/25: Added Elon Musk's statement that the attack contained Ukraine IP addresses.