X, the social media platform owned by Elon Musk, suffered widespread outages on Monday, which the billionaire attributed to a cyberattack originating from IP addresses in Ukraine.
Speaking on Fox Business, Musk stated, “We’re not sure exactly what happened, but there was a massive cyberattack to try to bring down the X system, with IP addresses originating in the Ukraine area.” However, he did not provide further details about the attack’s origin or whether it was linked to the Ukrainian government. Experts have noted that IP addresses can be spoofed, meaning the actual location of the attack could be elsewhere.
Massive Outages Reported Worldwide
According to DownDetector, an outage tracking website, the issues began around 6 a.m. ET, when approximately 20,538 users reported problems accessing X. While the disruption briefly subsided, reports of outages surged again at 10 a.m., peaking at nearly 40,000 users facing access issues. The situation gradually improved around 2 p.m. ET and continued stabilizing throughout the afternoon.
Many users on DownDetector claimed that X was not loading, and reports from international versions of the site suggested that the problem was global. During the Fox Business interview, which aired at 4 p.m. ET, Musk confirmed that the platform was operational again.
Speculations and Musk’s Response
Early on Monday afternoon, Musk took to X to suggest that a “large, coordinated group and/or a country” might be responsible for the attack. However, the motivation behind the disruption remained unclear.
Musk also replied “Yes” to an X post suggesting that people were attempting to silence him and the platform. Despite this claim, there has been no official confirmation that the outage was a targeted cyberattack.
Eric Noonan, CEO of CyberSheath, a cybersecurity firm, cautioned against drawing conclusions too soon. “One of the things that should always be taken with a grain of salt is any statements made immediately after or even during an attack,” Noonan told CNN.
Musk’s History of Attributing Issues to Cyberattacks
Musk has previously suggested that cyberattacks were responsible for technical disruptions on X.
In August 2024, a conversation between Musk and Donald Trump on X was delayed by 42 minutes. At the time, Musk claimed there was a “100% probability of DDoS attacks” due to the conversation’s high profile.
DDoS, or Distributed Denial-of-Service, is a type of cyberattack where hackers overwhelm a server with fake traffic, causing service disruptions. However, some past X-related technical failures have not been attributed to DDoS attacks.
For instance, in 2023, Florida Governor Ron DeSantis’ presidential campaign announcement on X was marred by technical issues, though no cyberattack was cited as the cause.
According to Noonan, ransomware attacks have become more common than DDoS in recent years, as they are often financially motivated. In contrast, DDoS attacks are primarily used to cause disruption, making it harder to trace the source.
X’s Ongoing Technical Challenges
Since Musk acquired X (formerly Twitter) in 2022, the platform has faced numerous glitches and disruptions.
After finalizing the $44 billion acquisition, Musk fired top executives and laid off 3,500 employees—around half of Twitter’s workforce—within days. Over time, X’s workforce was reduced by 80%, and Musk enforced a return-to-office policy.
The significant staff reductions have contributed to frequent outages and technical issues, raising concerns about the platform’s stability.
A Tough Day for Musk’s Businesses
Monday wasn’t just challenging for X—Tesla shares also took a major hit, dropping 15% in a single day. The decline wiped out Tesla’s stock gains since Trump’s November 2024 election victory.
Musk, who is also the head of Trump’s Department of Government Efficiency (DOGE), has not publicly commented on Tesla’s stock drop.
As the situation continues to develop, it remains unclear whether X’s outage was indeed the result of a targeted cyberattack or technical failures. CNN has reached out to X, but the company has a policy of not responding to media inquiries.
This is a developing story and will be updated as more information emerges.
“This incident highlights a pivot we’re seeing in the motivation behind cyber threats: what used to be straightforward data theft and exfiltration has shifted to full-scale digital disruption. We’ve seen this play out in critical infrastructure sectors like energy, but social media platforms like X are now emerging as a new form of critical infrastructure and should be treated as such. The problem is that these platforms are built for engagement, not resilience. Attackers know this and are treating them as digital battlegrounds, because taking a platform offline can be just as damaging as stealing data.
Complicating matters further is the chaos of attribution we’re seeing play out. Cyberattacks today resemble crime scenes with multiple fingerprints, as hacktivist groups, cybercriminals and nation-states are all working in parallel or jockeying for credit. Claiming responsibility is easy but proving who’s behind it is far more difficult. And when multiple actors rush to take credit, one thing becomes clear: the real objective is disruption itself, not just the message.”
