Elon Musk has claimed that the “massive cyberattack” that brought down his social media platform X on Monday originated from IP addresses in Ukraine—but a known pro-Palestinian hacking group has since claimed responsibility.
Musk, who also leads Tesla and SpaceX, confirmed earlier in the day that X was targeted in a significant distributed denial-of-service (DDoS) attack, which knocked the platform offline for millions of users around the world.
The billionaire also speculated that the scale of the attack indicated a coordinated effort, possibly linked to a foreign state. However, hours later, a hacker collective known as Dark Storm Team publicly claimed responsibility, complicating the attribution of the cyber incident.
DDoS Attack Cripples X for Hours
The outage began early Monday morning, with users reporting widespread issues accessing X’s app and website as early as 5:30am ET. By 10am, website monitoring service Downdetector reported over 40,000 user complaints globally.
The attack appeared to be a DDoS assault, in which hackers overwhelm servers with artificial traffic, effectively forcing a site offline. Users experienced errors such as “Something went wrong, try reloading,” while others were unable to log in or access posts.
By 5pm ET, engineers had largely regained control of the platform, and user reports of issues dropped significantly.
Hacker Group Steps Forward
Despite Musk’s statement regarding Ukrainian IP addresses, Dark Storm Team, a pro-Palestinian hacktivist group, posted on Monday afternoon claiming they were behind the attack. According to cybersecurity firm SpyoSecure, the group admitted launching the DDoS attack, though they have no known links to Ukraine or Ukrainian-affiliated cyber actors.
The group is reportedly known for targeting companies and organizations that support Israel’s military actions in Gaza, not for involvement in broader geopolitical cyberwarfare.
Geopolitical Context: Musk vs. Zelensky
Musk’s remarks come amid rising tensions between Ukraine and the U.S., and following increasingly public spats between Musk and Ukrainian President Volodymyr Zelensky. Just last week, Musk accused Zelensky of promoting a “forever war” and called him “evil.”
Musk also courted controversy when he claimed on X that his Starlink satellite network was “the backbone of the Ukrainian army”, suggesting that if he withdrew the service, Ukraine’s front line would collapse. The statement was criticized by Polish Foreign Minister Radosław Sikorski, who accused Musk of making threats toward a war-torn nation.
In response, Musk told the Polish minister to “be quiet” and dismissed him as a “small man.”
The cyberattack also came just one day after those comments, prompting further speculation that Musk’s geopolitical positioning may have made X a target—though the true origin and intent behind the attack remains murky.
U.S.-Ukraine Relations at a Crossroads
Tensions between Washington and Kyiv have escalated in recent weeks. A February 28 Oval Office meeting between Trump and Zelensky reportedly ended in acrimony, with Trump accusing the Ukrainian president of warmongering and ingratitude before ejecting him from the White House.
A proposed minerals deal between the U.S. and Ukraine collapsed, and U.S. support for the war has notably cooled, with the Biden administration now pursuing direct diplomatic engagement with Moscow.
Zelensky, currently in Saudi Arabia for talks with Crown Prince Mohammed bin Salman, is expected to meet with U.S. officials on Tuesday in a bid to salvage diplomatic relations and seek a peaceful resolution to the ongoing war with Russia.
A Platform Under Siege
The X platform—formerly Twitter—has faced mounting cyber threats and technical instability since Musk’s takeover. Monday’s attack, however, was among the most disruptive incidents to date, affecting the app’s 600 million active monthly users.
While the site is now functioning again, cybersecurity experts are urging caution before attributing blame.
“Just because an IP address appears to be from a specific country doesn’t mean the attacker is,” said one cybersecurity analyst. “Sophisticated actors often use proxies to mask their true location.”
What Happens Next?
While the attacker’s identity remains uncertain, the sheer scale of the attack and conflicting claims suggest the event is part of a broader struggle between tech, politics, and global conflicts playing out online.
As the dust settles, users and security analysts alike will be watching closely to see whether this is an isolated incident—or a sign of escalating cyber warfare in the digital age.
