Global Outage Hits X as Dark Storm Claims Responsibility for DDoS Attack

X experienced a global outage attributed to a distributed denial-of-service (DDoS) attack claimed by the pro-Palestinian hacktivist group Dark Storm.

The incident disrupted access for tens of thousands of users across mobile and web platforms, marking the platform’s first major outage in 2025.

Technical Breakdown of the Attack

The cyberattack involved flooding X’s servers with excessive traffic from geographically distributed sources, overwhelming infrastructure and causing intermittent service failures.

Dark Storm utilized a botnet—a network of compromised devices—to execute the DDoS campaign, which targeted critical endpoints like login systems and content delivery networks.

Key technical responses included:

  • Cloudflare Integration: X deployed Cloudflare’s DDoS protection services, which mitigated attacks by filtering malicious traffic and implementing CAPTCHA challenges for suspicious IP addresses.
  • Traffic Analysis: Engineers traced anomalous traffic patterns to identify attack vectors, though Musk noted the hackers employed “significant resources” to mask their origins.

Attribution and Geopolitical Context

While Dark Storm publicly claimed responsibility on Telegram, linking the attack to protests against Elon Musk’s policies and political alliances, Musk suggested potential state involvement. During a Fox News interview, he stated, “IP addresses were traced back to the Ukraine area”.

However, cybersecurity experts cautioned that IP spoofing and relayed traffic through compromised nodes make direct attribution challenging.

Group Profile: Dark Storm
Emergence: 2023
Primary Targets: Pro-Israel entities in the US, Europe, and Israel
Tactics: DDoS attacks, hacktivist messaging via Telegram

The group’s motivations align with previous campaigns against organizations perceived as supporting Israel’s policies in Gaza.

Impact and Mitigation

The attack caused three distinct outage waves:

  1. 2:30–3:00 AM PT: Initial login failures and API disruptions.
  2. 6:30–7:30 AM PT: Global access issues, including Downdetector reports surpassing 40,000.
  3. 8:00–11:00 AM PT: Intermittent outages during Cloudflare’s countermeasures.

By 4:30 PM ET, services stabilized, though Musk acknowledged residual vulnerabilities: “We get attacked every day, but this was done with a lot of resources”.

Broader Implications

  1. Hacktivist Capabilities: Dark Storm’s attack underscores the scalability of DDoS tools available to non-state actors, leveraging rented botnets and stresser services.
  2. Attribution Challenges: Musk’s Ukraine claim highlights the politicized nature of cyber forensics, where false flags and VPNs obscure true origins.
  3. Platform Resilience: X’s reliance on third-party protections like Cloudflare reveals dependencies in modern web infrastructure.

Expert Analysis

Jake Moore, ESET’s Global Security Advisor, noted:

“DDoS attacks remain popular due to their low technical barrier and anonymity. Organizations must adopt layered defenses, including rate-limiting and AI-driven traffic analysis”.

The incident follows a 2024 precedent where Anonymous Sudan disrupted Microsoft and OpenAI using similar methods, emphasizing persistent threats to centralized platforms.

Ongoing Investigations

X’s security team continues to analyze server logs and collaborate with law enforcement.

While Musk has not formally accused Ukraine, the incident has sparked debates about cyber proxies in geopolitical conflicts.

As of March 11, Dark Storm’s Telegram channels remain active, signaling risks of follow-up attacks.

For users, the outage serves as a reminder of the fragility of social media ecosystems under sustained cyber warfare.
