Cyber experts discuss possible cyberattack against X

Choong Deng Xiang via Unsplash
According to a social media post by Elon Musk, X experienced a cyberattack that caused widespread technical issues across the network.
“We get attacked every day, but this was done with a lot of resources,” Musk stated in the post.
A hacktivist group known as Dark Storm has taken credit for the outage, claiming to be behind the attack on its Telegram channel. At this time, little is known for sure about the nature and origin of the attack.
Casey Ellis, founder at Bugcrowd, comments, “It’s difficult to say with incomplete information, and in the early stages of things, but between the sustained nature of the outage and Dark Storm Team taking credit for it on Telegram, this does appear to be a legitimate cyberattack on X.”
Below, cyber experts share their insights on this potential attack.
Security leaders weigh in
Chad Cragle, CISO at Deepwatch:
X is under relentless cyberattacks; 24/7/365. This is far beyond simple DoS attempts. These are full-scale DDoS assaults, combined with sophisticated botnet activity, credential stuffing, API abuse, and targeted application-layer attacks designed to cripple operations.
While technical issues can occur, X’s engineers understand scalability and redundancy. This isn’t incompetence; it’s cyberwar hitting at full force. With Musk in the spotlight and political tensions at a peak, these attacks bear all the indicators of nation-state aggression. They’re throwing everything but the kitchen sink at X, and others pushing for maximum disruption, downtime, and, if possible, data exposure.
J Stephen Kowski, Field CTO at SlashNext Email Security+:
Determining the true cause of outages requires independent verification, as it’s challenging to confirm cyberattacks without direct access to the targeted infrastructure. Major platforms typically face numerous attack attempts daily, making such claims plausible, though a group called Dark Storm Team claiming responsibility on Telegram would need to be verified through advanced threat detection technology rather than public statements alone. The evidence from X and from the attackers claiming credit appears very limited. For every company, there is a tradeoff between cybersecurity defense costs and revenue-generating activities, with most companies being a bit understaffed and under-resourced in their security operations.
Toby Lewis, Global Head of Threat Analysis at Darktrace:
This appears to be a fairly standard DDoS attack on X — essentially an overwhelming amount of traffic designed to disrupt the service. Like all DDoS attacks, the effect is temporary, and so users to X this morning may well not spot anything wrong at all.
Importantly, these sorts of attacks are almost always delivered by botnets: globally distributed networks of computers that have been unknowingly recruited to take part in the attack — typically through some form of compromise or the use of malware. These sorts of botnets are unfortunately incredibly commonplace, making up the so-called “background noise of the internet,” and often available for hire for whoever is willing to pay.