TLDR
- Claiming responsibility, hacktivist group Dark Storm launched DDoS attacks on X (the platform formerly known as Twitter), leading to widespread service interruptions.
- During an interview with Fox News, Elon Musk implied Ukraine might be linked to the attack, highlighting IP traces from 'the Ukraine area.'
- The platform outages affected around 40,000 users in the US and 10,800 in the UK, causing sporadic connectivity issues throughout the day.
- Dark Storm has a history of attacking entities with ties to Israel, airports, and other vital infrastructures, and it has expanded into 'cybercrime-as-a-service.'
- Experts in cybersecurity have observed that DDoS tactics have advanced from mere volume-based attacks to more complex strategies like application-layer floods and targeted abuse of APIs.
On Monday, the X social media platform endured a substantial cyberattack. The disruption, which affected tens of thousands of users, was claimed by the hacktivist group Dark Storm, which described its actions as a demonstration against platform owner Elon Musk and US President Donald Trump.
Starting around 6:00 a.m. Eastern Time, X platform users experienced sporadic disruptions globally. The peak, at around 10:00 a.m., saw approximately 40,000 users in the US and 10,800 in the UK affected, as tracked by Downdetector.
A Bluesky user going by “Puck Arks” claimed pro-Palestinian hackers from Dark Storm were responsible for the interruptions, using the hashtag #takedowntwitter to indicate the continuation of DDoS attacks.
Claiming a stance against 'the fascism' of Elon Musk and Donald Trump, an online user asserted that Dark Storm's digital army would maintain their DDoS protests targeting X.
Elon Musk’s initial response to the outage spotlighted efforts to pinpoint the attack's source, acknowledging its organized and resourced nature, potentially involving a large group or a nation.
In an interview, Musk hinted at Ukraine as a possible culprit, citing IP addresses traced to 'the Ukraine area,' but did not offer concrete evidence.
Following a weekend of protests at Tesla dealerships, reports noted demonstrators storming and damaging showrooms, drawing parallels to earlier Tesla-related provocations.
Musk attributed the Tesla dealership protests to financial backing from billionaires George Soros and Reid Hoffman via ActBlue, though Hoffman denied these allegations as another of Elon’s unfounded claims.
David Mound from SecurityScorecard elaborated on the sophistication of modern DDoS attacks, highlighting a shift to application-layer (L7) floods, adaptive bot-driven traffic, and targeted API assaults, complicating defensive efforts. Mound explained the execution of attacks via distribution of traffic across wide subnets, leveraging high-amplification methods such as Memcached and DNS to inundate networks, backed by major IoT-powered botnets.
SecurityScorecard's 2023 report revealed Dark Storm's persistent activity targeting entities within and beyond Israel since the Gaza conflict, pointing to their focus on sensitive industries and public sectors.
Dark Storm openly admitted DDoS attacks on major airports and Snapchat, with researchers noting a hybrid of political and commercial interests, now offering 'cybercrime-for-hire' services.
Research suggests Dark Storm's engagements with NATO member states and others supporting Ukraine might signify Russian geopolitical angles, although the group's exact tie to the Bluesky user Puck Arks remains uncertain.
Mound recognized a revival in hacktivism, with groups like Killnet launching politically driven disruptions against governments and critical institutions, and ransom DDoS becoming a monetary pursuit.
Pointing to nation-state entities, Mound emphasized the use of DDoS within broader cyber stratagems, especially amidst geopolitical tensions, advocating for proactive security measures.
By Monday afternoon, Downdetector recorded a drop of affected X users to nearly 1,000, as Musk confirmed the platform’s restored function around 4:30 p.m. ET, commenting: 'It’s up.'
Nicholas Reese of New York University doubted state involvement, reasoning that the short-lived outages wouldn't align with state-level tactics aiming for concealed impacts.
Reese distinguished between overt, disruptive attacks and covert, stealthy ones, noting the latter's higher strategic value, and critiqued the hacktivist message due to the minimal outage.
Blockonomi's Editor-in-Chief and Kooc Media founder, a UK-based advocate for open-source, blockchain, and internet freedom, has been recognized by outlets like Nasdaq and Forbes.