A series of DDoS attacks that destabilized Elon Musk’s X platform appears to be the work of a pro-Palestine hacktivist group that has been active since at least 2023. The group has been linked to previous similar actions and took credit for the attack via its Telegram channel, complete with screenshots posted as proof of responsibility. No other hacking groups have contested its claim.
The group calls itself “Dark Storm Team” and has been previously linked to DDoS attacks on US, Israel, Ukraine and UAE targets that involved the use of large botnets.
DDoS attacks likely not originating from Ukraine
Musk made comments about Ukraine in the wake of the DDoS attacks that seemed to imply some sort of involvement by that country, a perception definitely fed by his recent squabble on X with a Polish foreign minister over his Starlink support for Ukraine’s front line in its battle against Russia. But the claim by Dark Storm Team came shortly after and appears to be credible, which suggests that any Ukrainian devices involved are likely wrapped up in the group’s large botnet.
The group does appear to have a very substantial attack capability, however, which makes it at least somewhat understandable that nation-state involvement was considered a possibility. Some independent monitoring services report that X was under fire from around 5 AM to noon on Monday and that users were experiencing login and loading issues throughout that time, making it one of the biggest DDoS attacks in the platform’s history.
There is little in the way of technical detail about the attack available at present. That information usually comes after the fact, when a group has its infrastructure seized and analyzed. A similar scenario with X played out about two years ago, when the platform suffered outages for several hours due to DDoS attacks from another anti-Israel group calling itself “Anonymous Sudan.” The FBI arrested the ringleaders of that group in late 2024 and took possession of its infrastructure. Though the ringleaders were in fact identified as being from the Middle East, researchers noted a number of suspicious connections to parties in Russia.
X engages Cloudflare to mitigate DDoS attacks
After Musk revealed the nature of the DDoS attacks in a Fox Business interview on Monday, X users noticed that they were now sometimes prompted to solve a captcha to access the platform, as the company had engaged Cloudflare to help mitigate the attacks. IP addresses that have been flagged, or that are seen as making too many requests, will likely have to continue doing this going forward.
While attribution to Dark Storm Team essentially relies on taking the hackers at their own word, the group was at least able to produce screenshots and a Check-Host.net report in support of its claim. Security researchers also note that the hackers are a legitimate established threat and have been responsible for prior DDoS attacks on Israeli hospitals and US airports among other targets.