What Really Happened With the DDoS Attacks That Took Down X

The social network X suffered intermittent outages on Monday, a situation owner Elon Musk attributed to “massive cyberattacks.” Musk said in his initial X post that the attack was committed by “a large, coordinated group and/or a country.” In a post on Telegram, a pro-Palestinian group known as the “Dark Storm Team” took credit for the attack within hours. However, in an interview with Fox Business Network late Monday, Musk claimed that the attack came from a Ukrainian IP address.

The network traffic analysis experts tracking the incident on Monday were quick to emphasize that the type of attack X appears to have faced is carried out by a coordinated group of computers, or “botnet,” that floods a target with junk traffic in an attempt to overwhelm and take down its systems. Botnets are often dispersed around the world, generating traffic from geographically diverse IP addresses, and may also include mechanisms that make it harder to determine where they are controlled from.

“It is important to recognize that IP attribution alone is not conclusive. Attackers often use compromised devices, VPNs, or proxy networks to obscure their true origins,” said Shawn Edwards, chief security officer at network connectivity firm Zayo.

X did not respond to Wired’s request for comment about the attack.

Several researchers told Wired that they observed five distinct attacks on X’s infrastructure, the first beginning in the early hours of Monday and the last burst coming on Monday afternoon.

“During the disruptions, thousands of people observed network conditions characteristic of DDoS attacks, including severe traffic loss conditions, which could prevent users from reaching the application,” Cisco’s internet intelligence team told Wired in a statement.

DDoS attacks are common, and almost all modern internet services experience them regularly and must proactively defend themselves. As Musk himself put it on Monday, “We are attacked every day.” So why did these DDoS attacks cause outages for X? Musk said this is because “it’s done with a lot of resources,” but independent security researcher Kevin Beaumont and other analysts have seen some evidence that certain X origin servers, which respond to web requests, were not properly secured behind the company’s Cloudflare DDoS protection and were publicly visible. As a result, attackers could target them directly. X has since secured the servers.

“The botnet was directly attacking the IP, and there were more on the X subnet yesterday. It’s a botnet of cameras and DVRs,” Beaumont said.

“We’re not sure what happened, but there was a massive cyberattack trying to bring down the X system, with IP addresses in the Ukrainian region,” Musk told Fox Business host Larry Kudlow in an interview.

Musk has mocked Ukraine and its president, Volodymyr Zelensky, repeatedly since Russia invaded its neighbor in February 2022. Musk now heads the so-called Department of Government Efficiency, or DOGE, which has gone on a razing campaign in the weeks since Donald Trump took office. Meanwhile, the Trump administration has recently warmed relations with Russia and moved the United States away from its long-term support for Ukraine. Musk has already been involved in these geopolitics through another company he owns, SpaceX, which operates the satellite internet service Starlink that many Ukrainians rely on.

DDoS traffic analysis can break down the firehose of junk traffic in different ways, including by listing the countries that had the most IP addresses involved in an attack. But one researcher from a well-known company, who asked for anonymity because they were not authorized to talk about X, noted that they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the X attack.

But even if Ukrainian IP addresses did contribute to the attack, many researchers say that this fact alone is not noteworthy.

“What can be concluded from IP data is the geographic distribution of traffic sources, which may provide insights into the composition or infrastructure of the botnet used,” said Zayo’s Edwards. “What we cannot determine is the identity or intention of the actual perpetrator.”
