Security researchers aren’t buying Musk’s spin on the cyberattack that took down X

Someday after X went down for hours, safety researchers are throwing chilly water on Elon Musk’s public feedback about who is perhaps behind the DDoS assault. On Monday, as X was nonetheless struggling to , Musk stated in that the positioning had been introduced down by a “huge cyberattack” executed by “a big, coordinated group and/or a rustic.” Later that day, in with Fox Information, he stated the assault concerned “IP addresses originating within the Ukraine space.”

He by no means supplied proof for both declare. However, in a brand new report , safety researchers supplied a really completely different view on the assault. Safety specialists interviewed by the publication stated that that they had seen little proof that Ukrainian IP addresses performed a major function within the DDoS assault, with one researcher saying the nation wasn’t even within the high 20 international locations of origin concerned.

The report additionally means that, regardless of Musk’s assertion there have been “plenty of assets” concerned, X might have inadvertently left its methods prone to a DDoS assault just like the one which occurred Monday. “X origin servers, which reply to internet requests, weren’t correctly secured behind the corporate’s Cloudflare DDoS safety and have been publicly seen,” Wired writes. “Consequently, attackers may goal them immediately. X has since secured the servers.”

Notably, this wouldn’t be the primary time Musk has blamed an unspecified “cyberattack” when confronted with an embarrassing failure of X’s methods. Final 12 months, Musk a “huge DDoS assault” for crashing a deliberate livestream with Donald Trump, who was operating for president on the time. Musk by no means defined how a DDoS assault may convey down just one function on the positioning.  later reported that there had been no such assault.

X didn’t reply to a request for remark.