Cyberattack on X traces back to Ukraine: ‘IP addresses originated from Ukraine area,’ Elon Musk says

Just hours after reports of cyberattacks that caused the longest outage in X’s history (formerly Twitter), new details are emerging about the possible source of the attack.

In an interview with Fox Business host Stephen Miller, Elon Musk said the attack aimed to disrupt X’s systems, with “IP addresses originating in the Ukraine area.”

Cyberattack on X Originated from Ukraine, Musk Says

This claim ties into a broader context of cyberattacks linked to the region. The ongoing Russia-Ukraine conflict has seen both nations accuse each other of digital aggression, including the significant 2022 Ukraine cyberattacks, which heightened geopolitical tensions.

The cyberattack news came as Musk continued to push for an end to the war in Ukraine. He was later accused of disabling Starlink services used by Ukrainian soldiers. Musk denied the claim in a post on March 9, 2025, at 12:52 EDT, stating:

“To be extremely clear, no matter how much I disagree with the Ukraine policy, Starlink will never turn off its terminals. I am simply stating that, without Starlink, the Ukrainian lines would collapse, as the Russians can jam all other communications! We would never…”

Starlink, SpaceX’s satellite internet service, has been a lifeline for Ukraine’s military and civilians, maintaining communication lines amid Russian efforts to jam traditional signals. Its involvement has been a topic of controversy, especially regarding U.S. defense contracts and discussions around peace proposals. Despite disagreements about Ukraine’s strategy, Musk reaffirmed that Starlink’s services would remain operational to support Ukraine’s communication needs.

Why Would Ukraine Conduct a Cyberattack on X?

Musk’s comments have sparked questions about why Ukraine would target X. While no clear motive has been established, the ongoing tensions and complex geopolitical dynamics between Ukraine and Russia have led to an increase in cyber activities from both sides. The broader context of digital aggression in the region, including past incidents, adds another layer of complexity to these accusations.

Meanwhile, the hacker group Dark Storm Team claimed responsibility for the Distributed Denial-of-Service (DDoS) attack. This group, which appeared in 2023, has been tied to multiple cyberattacks and is known for supporting pro-Palestinian causes. Some reports suggest possible links to Ukraine or Russia. Their typical strategy involves overwhelming websites with traffic to disrupt services.

The Monday cyberattack on X caused major service disruptions. Some users began experiencing issues as early as 6:00 AM Eastern Time, with reports peaking at around 41,000 incidents by 10:00 AM, according to Downdetector. Both the X app and website were affected, leaving many unable to access the platform.

Throughout the day, X faced several disruptions, including at least three major outages. The most significant occurred between 11:15 AM and 1:15 PM Eastern Time, during which users struggled with buffering and error messages, making the platform difficult to access.

X’s technical team has been working to manage the attack’s impact and restore stable service. While X has faced cyber threats before, the scale and coordination of this incident have raised concerns about the involvement of state-backed actors or highly organized groups. Investigations are underway to identify the source and strengthen the platform’s security.