“We get attacked every day, but this was done with a lot of resources,” Musk claimed in a post. “Either a large, coordinated group and/or a country is involved. Tracing…”
Later on Monday, Musk said on Fox Business Network’s Kudlow that the attackers had “IP addresses originating in the Ukraine area” without going into detail on what this might mean.
Cybersecurity experts quickly pointed out, however, that this doesn’t necessarily mean that an attack originated in Ukraine.
Security researcher Kevin Beaumont said on Bluesky that Musk’s claim is “missing a key fact – it was actually IPs from worldwide, not just Ukraine.”
Specifically, he said it was a Mirai variant botnet, which is made of compromised cameras. He said while he is not sure who is behind the attack, it “Smells of APTs – advanced persistent teenagers.”
Allan Liska of the cybersecurity firm Recorded Future, meanwhile, pointed out that even if “every IP address that hit Twitter today originated from Ukraine (doubtful), they were most likely compromised machines controlled by a botnet run by a third party that could be located anywhere in the world.”
More than 40,000 users reported having no access to the platform, according to the tracking website Downdetector.com. By Monday afternoon, the reports had dropped to the low thousands.
A sustained outage that lasted at least an hour began at noon, with the heaviest disruptions occurring along the US coasts.
Downdetector.com said that 56 percent of problems were reported for the X app, while 33 percent were reported for the website.
Musk bought the former Twitter in 2022 and also serves as the CEO of Tesla. (AP)
“We get attacked every day, but this was done with a lot of resources,” Musk claimed in a post. “Either a large, coordinated group and/or a country is involved. Tracing…”
Later on Monday, Musk said on Fox Business Network’s Kudlow that the attackers had “IP addresses originating in the Ukraine area” without going into detail on what this might mean.
Cybersecurity experts quickly pointed out, however, that this doesn’t necessarily mean that an attack originated in Ukraine.
Security researcher Kevin Beaumont said on Bluesky that Musk’s claim is “missing a key fact – it was actually IPs from worldwide, not just Ukraine.”
Specifically, he said it was a Mirai variant botnet, which is made of compromised cameras. He said while he is not sure who is behind the attack, it “Smells of APTs – advanced persistent teenagers.”
Allan Liska of the cybersecurity firm Recorded Future, meanwhile, pointed out that even if “every IP address that hit Twitter today originated from Ukraine (doubtful), they were most likely compromised machines controlled by a botnet run by a third party that could be located anywhere in the world.”
More than 40,000 users reported having no access to the platform, according to the tracking website Downdetector.com. By Monday afternoon, the reports had dropped to the low thousands.
A sustained outage that lasted at least an hour began at noon, with the heaviest disruptions occurring along the US coasts.
Downdetector.com said that 56 percent of problems were reported for the X app, while 33 percent were reported for the website.
Musk bought the former Twitter in 2022 and also serves as the CEO of Tesla. (AP)
