“There was (still is) a massive cyberattack against X,” was posted by Elon Musk on March 10, 2025. The attack had multiple waves as reported by Downdetector. The attack focused on U.S. and U.K. users. Distributed denial-of-service (DDoS) attacks occur when multiple compromised systems and botnets send excessive amounts of data requests to the target’s servers. This ultimately results in servers being inaccessible.
DDoS on X Facts:
On March 10, 2025, X (formerly Twitter) owner Elon Musk posted on his X account that the platform was suffering from a distributed denial-of-service (DDoS) attack. “We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved." Few details were provided. However, the internet service monitoring site Downdetector provided a timeline for the outage.
It was reported that beginning around 5:40 a.m. ET users could not post to the platform or received error messages such as “Something went wrong. Try reloading.” By 6 a.m. ET, there were more than 20,000 user reports that the service was inaccessible. There was a slow return to normalcy during the morning, but complaints began to spike around 9 a.m. ET and hit a peak of 40,000 reports by 10 a.m. ET. The X service again became available but was hit by the DDoS attack a third time shortly after 1 p.m. ET. By 5 p.m., there were reports of the service being down for roughly 1,500 users.
Claims of Responsibility
DDoS attacks use devices from around the globe to generate network traffic used to overwhelm servers, so it is difficult, if not impossible, to determine the originator of an attack. In this case, two organizations have claimed credit. It is not unusual for multiple entities to take credit for high-profile events. The first is the hacktivist group Anonymous, which posted a message claiming responsibility for the attack. It is unclear if this was an actual Anonymous post or that of an imposter.
A less well-known threat actor, Dark Storm Team, also claimed credit for the attack. This relatively new pro-Palestinian hacktivist group, which could have ties to Russian cybercriminals, also has taken credit for DDoS attacks on several major airports and Snapchat.
The Distributed Denial-of-Service (DDoS) Weapon
DDoS attacks have been used against companies for decades. The first associated with the internet was in 1996, when internet service provider Panix was targeted. The turn of the century saw a rise in attacks that impacted many internet users, thus increasing public awareness of such tactics. Over the years, many prominent companies have had their internet infrastructure brought to a standstill by DDoS attacks.
Some recent examples of DDoS attacks include a Microsoft365 suite outage in June 2023 that generated 18,000 outage and problem reports on Downdetector. Video game company Blizzard has been dealing with DDoS attacks against their online servers, thus preventing players from accessing their favorite games. Interestingly, these attacks seem to be directed at a specific group of players.
X may have been the target of efforts to disrupt a livestream interview between Musk and President Trump on August 12, 2024. It is unknown if the delay in broadcasting was the result of a DDoS or an overload of the system because of the high number of participants.
What the Experts Are Saying
It really could be Dark StormTeam who is behind this attack, is what Bugcrowd’s Founder Casey Ellis believes. “It's difficult to say with incomplete information, and in the early stages of things, but between the sustained nature of the outage and Dark Storm Team taking credit for it on Telegram, this does appear to be a legitimate cyberattack on X.”
Chad Cragle, CISO at Deepwatch, points out that these types of cyberattacks, even if they claim to be from hacktivists, are, in reality, an element of cyber warfare. “These are full-scale DDoS assaults, combined with sophisticated botnet activity, credential stuffing, API abuse, and targeted application-layer attacks designed to cripple operations. While technical issues can occur, X’s engineers understand scalability and redundancy. This isn’t incompetence; it’s cyberwar hitting at full force. With Musk in the spotlight and political tensions at a peak, these attacks bear all the indicators of nation-state aggression. They’re throwing everything but the kitchen sink at X and others, pushing for maximum disruption, downtime, and, if possible, data exposure.”
“Major platforms typically face numerous attack attempts daily” is a reality provided by SlashNext Field CTO J. Stephen Kowski. He also points out that “for every company, there is a tradeoff between cybersecurity defense costs and revenue-generating activities, with most companies being a bit understaffed and under-resourced in their security operations.
Cybersecurity expert Evan Dornbush concurs with Kowski that these types of attacks are an opportunity to improve protection. “Cybersecurity is not a cost; it is an investment. Preventing breaches, DDoS attacks, and other business impacts is more cost-effective than dealing with the inevitable, highly public aftermath of one.”
Recap
The attack on X is just one of many such incidents. Everyday DDoS attacks target high-profile organizations on the internet, such as government agencies, social media, business operations, and gaming companies. There are many reasons for such attacks, and organizations need to understand the potentiality that their operations can be shut down with little warning by bad actors.
Technology solutions, such as web application firewalls and load balancers, can be configured to limit the success of denial-of-service attacks. Also, network traffic logs need to be monitored to pinpoint potential threats. Entities need to utilize threat intelligence to understand what groups may be interested in attacking and as a potential early warning system. As the experts point out, investment in defenses is required, especially when an attack could be part of a campaign carried out by a nation-state.
The industry is getting better at limiting and recovering from attacks, but preparedness is key. Organizations to have a crisis management program and communicate quickly to customers and users about outages to their services. This is imperative to retain customer trust.
This incident underscores the critical need for robust cybersecurity defenses in a digital world increasingly fraught with complex threats.
