The Dark Storm hacktivist group claims to be behind DDoS attacks that caused multiple worldwide X outages on Monday, leading the company to enable DDoS protections from Cloudflare. While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that they were caused by a "massive cyberattack." "There was (still is) a massive cyberattack against X," Musk posted on X. "We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved. Tracing ... [1]"
Dark Storm is a pro-Palestinian hacktivist group that launched in 2023 and has previously targeted organizations in Israel, Europe, and the US. On 10 March 2025, the group posted to its Telegram channel that it was conducting DDoS attacks against Twitter, sharing screenshots and links [1, 2] to the check-host.net site as proof of the attack.
Check-host.net is a website that allows visitors to check the availability of a website from different servers throughout the world. The website is commonly used during DDoS attacks to show that an attack is taking place. X is now being protected by the DDoS-protection service Cloudflare, which shows a captcha when suspicious IP addresses connect to the site or when a single IP address generates too many requests.
Hacktivists have repeatedly demonstrated their ability to disrupt massive technology platforms using botnets and other resources. In 2024, the United States indicted two Sudanese brothers for the suspected operation of the Anonymous Sudan hacktivist group. Anonymous Sudan successfully took down the websites and APIs of some of the largest technology firms, including Cloudflare, Microsoft, and OpenAI, disrupting services for many worldwide.
Update 11 March 2025: Elon Musk told Fox Business yesterday that the cyberattack against X involved IP addresses originating from Ukraine. "We are not sure exactly what happened, but there was a massive cyberattack trying to bring down the X system, with IP addresses originating in the Ukraine area," Musk said in the interview.
The Dark Storm threat actors, who claimed to be behind the attack, denied any connection to Ukraine in a statement posted on 10 March 2025. "Elon Musk claims the cyberattack on X originated from Ukraine. This is an accusation without evidence. We have no ties to Ukraine," the group posted on Telegram.
When conducting DDoS attacks, threat actors typically utilize low-cost hosting providers or malware botnets composed of compromised computers and devices in many different countries. These infected devices generate a surge of traffic that overwhelms a targeted website, rendering it unresponsive.
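The following is an added example, not part of the original article and not Cloudflare's or X's actual logic. It runs two defensive checks over request events: a per-IP limit like the one that triggers a challenge, and an aggregate limit that catches a botnet-style surge in which no single address is noisy. The thresholds, window, function names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only.
PER_IP_LIMIT = 20    # requests one address may make inside WINDOW
GLOBAL_LIMIT = 100   # total requests the site expects inside WINDOW
WINDOW = 10.0        # sliding window length in seconds


def analyze(events, per_ip_limit=PER_IP_LIMIT,
            global_limit=GLOBAL_LIMIT, window=WINDOW):
    """events: (timestamp_seconds, ip) tuples sorted by time.
    Returns (set of IPs to challenge, True if an aggregate surge was seen)."""
    per_ip = defaultdict(deque)   # ip -> timestamps still inside the window
    recent = deque()              # all timestamps still inside the window
    challenged, surge = set(), False
    for ts, ip in events:
        q = per_ip[ip]
        q.append(ts)
        recent.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while q[0] <= ts - window:
            q.popleft()
        while recent[0] <= ts - window:
            recent.popleft()
        if len(q) > per_ip_limit:
            challenged.add(ip)    # one address generating too many requests
        if len(recent) > global_limit:
            surge = True          # many quiet addresses adding up to a flood
    return challenged, surge


def single_noisy_client():
    # Constructed sample: one address sends 50 requests in about 5 seconds.
    return [(i * 0.1, "198.51.100.7") for i in range(50)]


def distributed_flood():
    # Constructed sample: 250 addresses send 2 requests each within 5 seconds.
    return [(n * 0.01 + r * 2.5, f"203.0.113.{n}")
            for r in range(2) for n in range(250)]


if __name__ == "__main__":
    print("noisy client:", analyze(single_noisy_client()))
    print("distributed :", analyze(distributed_flood()))
```

The per-IP check alone flags nothing in the distributed sample, which is why the aggregate counter is tracked alongside it.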
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941