Musk Blames Ukranian IP Addresses for Cyber Attack on X

Elon Musk says X (formerly Twitter) has been hit by a "massive cyber-attack" on Monday, after thousands of users in the UK and the US reported outages, which the billionaire blames on IP addresses originating from the Ukraine area.

Mr Musk, who owns the platform since late 2022, suggested the attack may be ongoing. "We get attacked every day, but this was done with a lot of resources," he wrote in a post on X.  He suggested that "either a large, coordinated group and/or a country is involved".

Elon Musk’s X was hit by waves of outages earlier on Monday. “We’re not sure exactly what happened,” Musk said during a Fox Business interview Monday afternoon. “But there was a massive cyberattack to try to bring down the X system, with IP addresses originating in the Ukraine area.”

Musk did not give any further details about the origin of the attack, including whether he believes it was connected to the Ukrainian government. It is possible to mask IP addresses and make it seem as though the traffic is coming from elsewhere, and spoofing locations is often offered by hackers-for-hire.

According to outage tracking site DownDetector, the problems began around 6 a.m. ET when up to 20,538 users reported problems. The issues temporarily died down before nearly 40,000 users reported outages at 10 a.m. Outages reported on DownDetector began to drop around 2 p.m. ET and trailed off throughout the afternoon.

Many users on DownDetector said the platform wouldn’t load, and the outage appeared to be global, according to DownDetector’s international sites. During the Fox Business interview, which aired during the 4 p.m. ET hour, Musk said platform was working again. DownDetector data is self-reported, meaning it doesn’t fully represent the outage’s scale.

Musk also replied “Yes” to a post on X suggesting people are trying to silence the billionaire and his platform, although no further details about the service disruption, including whether it was caused by a targeted attack, have been revealed.

A CNN report says Eric Noonan, CEO of cybersecurity provider CyberSheath, told CNN that it’s likely too early to tell if an attack caused the issues. “One of the things that should always be taken with a grain of salt is any statements made in the short period of time, immediately after, or even in this case during an attack.”

Musk has a history of attributing technical snafus to cyberattacks. When his conversation with Donald Trump on X started 42 minutes late in August 2024, he said there was a “probability” of an attack.

“Given the prominence of this conversation, there was of course a 100% probability of DDOS attacks,” Musk posted on the social media platform at the time. DDOS stands for “distributed denial-of-service,” which involves overwhelming servers with fake traffic to cause service disruptions.

Ransomware attacks have been more common than DDOS attacks in recent years because they’re usually financially motivated, according to Noonan. DDOS, however, is typically used to cause a disruption, which also makes confirming the source of these types of attacks more difficult.

Musk immediately after acquiring X after  - then called Twitter, in 2022,  laid off top executives and, within days of acquiring, cut 3,500 people, or around half the platform’s workforce. He laid off  80 per cent of the staff in total and required the remaining employees to return-to-office full time.

The platform has experienced a series of glitches and disruptions since the acquisition.