Elon Musk Alleges ‘Massive Cyberattack’ Behind X Outage

Elon Musk Blames ‘Massive Cyberattack’ for X Outage, Experts Push Back

Hours after a series of outages on Monday left thousands of users unable to access X, Elon Musk claimed the platform had been targeted in a “massive cyberattack.”

“We get attacked every day, but this was done with a lot of resources,” Musk wrote in a post. “Either a large, coordinated group and/or a country is involved. Tracing …”

Later that day, Musk told Fox Business Network’s Kudlow that the attackers had “IP addresses originating in the Ukraine area” but did not elaborate on the implications.

Cybersecurity experts were quick to point out that an attack appearing to originate from Ukraine doesn’t necessarily mean it was launched from there. Security researcher Kevin Beaumont noted on Bluesky that Musk’s claim lacked key context, stating, “It was actually IPs from worldwide, not just Ukraine.”

Beaumont identified the attack as a Mirai variant botnet, composed of compromised internet-connected cameras. While uncertain about the perpetrators, he suggested it “smells of APTs—advanced persistent teenagers.”

Allan Liska, a cybersecurity expert at Recorded Future, further clarified that even if a significant number of IP addresses were tied to Ukraine—“doubtful,” he added—they were likely part of a botnet controlled by a third party, which could be based anywhere in the world.

Reports of outages spiked at 6 a.m. and again at 10 a.m. Eastern, with over 40,000 users reporting issues via Downdetector.com. By midday, a sustained outage lasting at least an hour caused major disruptions, particularly along the U.S. coasts. The tracking site reported that 56% of the issues were linked to the X mobile app, while 33% were related to the website.

Determining the validity of Musk’s claims is challenging without access to technical data from X, which the company is unlikely to release, according to Nicholas Reese, an adjunct instructor at NYU’s Center for Global Affairs specializing in cyber operations.

Reese expressed skepticism that a state actor was involved, noting that the outages were relatively short-lived. “There are two types of cyberattacks—ones designed to be very loud and ones designed to be very quiet,” he explained. “The most valuable attacks tend to be quiet. This was meant to be discovered, which almost certainly rules out state actors.”

He added that while the attack may have been an attempt to send a message, the temporary nature of the outage made it “not much of a statement.” However, he cautioned that “a follow-on action” shouldn’t be ruled out.

In March 2023, X—then known as Twitter—experienced a wave of glitches that disrupted links, logins, and image loading for over an hour.

Following the latest outage, “X outage” trended on rival platform Bluesky, where some users welcomed newcomers and encouraged them to stay.

Musk, who purchased Twitter in 2022, continues to run X while also serving as CEO of Tesla and maintaining access to U.S. government data systems—often sporting a shirt that reads “tech support.”