Elon Musk, CEO of X and senior Trump advisor (Photo by Leon Neal/Getty Images)


Russian-linked group ‘behind attack on X’, cybersecurity expert tells Brussels Signal


The large-scale cyberattack that brought down Elon Musk’s X platform was carried out by Dark Storm, a Russian-linked hacker group whose “targets are high-profile pieces of Western infrastructure”, cybersecurity expert Muhammad Yahya Patel has told Brussels Signal.

“By zeroing in on airports, ports and defence bodies, they are clearly aiming to undermine institutions that embody Western influence and national stability,” said Patel of the attack on March 10.

He is lead security engineer at Check Point, a US-Israeli multinational provider of cybersecurity software that developed the so-called internet firewall along with one of the first virtual private networks (VPNs) – services that protect internet connections and privacy online.

Musk wrote on his platform that the “massive cyberattack” appeared to have been “done with a lot of resources”.

Dark Storm took responsibility for “taking Twitter offline” in a March 10 post on the Telegram messaging service.

Its attack used a network of hijacked devices, called a “botnet”, which included compromised computers, smart cameras and routers that the hackers controlled remotely. 

These compromised devices flooded X with a crippling volume of fake requests, curtailing its ability to function.

Dark Storm’s primary targets have been Western allies, including the US and Israel. In February 24, it issued a threat to NATO members, Israel and nations that supported the country.

In October 2024, Dark Storm claimed responsibility for a distributed denial of service (DDoS) attack on New York’s John F Kennedy International Airport, which Patel said was part of a broader strategy to target critical nodes of national security. 

It has also teamed up with pro-Russian “hacktivist” groups to broaden its operational reach, selling hacking tools and services along the way, Patel added.

Its successes in selling its high-profile hacking services and the use of its botnets meant Dark Storm “isn’t just an ideologically driven hacktivist group; it is also a profit-seeking cyberattack service provider”, he said.

Following the X attack, Musk told Fox Business’ Kudlow programme it had originated in “IP addresses originating in the Ukraine area”.

Patel, though, said: “Cyber attackers often route their operations through multiple proxies to mask their true origins.”

Thus, he continued: “Regarding Musk’s claim blaming Ukraine, I think we can reasonably state that IP addresses are not a reliable indication of point of origin in any shape or form and so attribution is both unwise and unhelpful.”

An X account that claimed to speak for Dark Storm said: “We have no relationship with Ukraine.”

Journalist Ed Krassenstein posted messages he said he received from Dark Storm. The hacker group told him they “can attack again”, including against Elon Musk’s Tesla company, with “a stronger attack this time”, he said.

Globally, cyber attacks in the past 12 months have increased by 44 per cent over the previous period, Patel said.

In February, on average, organisations in the US experienced 1,323 cyber-attacks a week, with media and entertainment being one of the most targeted industries, he added.