X Social Media Platform Hit by Apparent DDoS Attack

‘Dark Storm Team’ Takes Responsibility for 4 Major Outages on Monday

Repeated outages on social media platform X – formerly Twitter – on Monday are the result of a distributed denial of service attack, asserted platform owner Elon Musk in a sporadically available tweet.

The social media platform, conjoined with Musk’s public persona since the mercurial multi-billionaire took it private in October 2022 for $44 billion, experienced four significant outages, according to disruptions reported by disgruntled users to Downdetector. A heat map shows reported outages concentrated in the U.S. Eastern Seaboard and coastal California.

“This was done with a lot of resources. Either a large, coordinated group and/or a country is involved,” Musk tweeted Monday afternoon. Musk in the past has attributed technical difficulties on the platform to hacks with little supporting evidence, such as an August 2024 livestream of him and Donald Trump that began 42 minutes late. “There was, of course, a 100% probability of DDOS attacks,” he tweeted at the time.

Musk, who is leading a polarizing effort to sharply cut back the federal government, characterized the incident as an attempt to silence him.

On Monday, self-proclaimed hacktivist group “Dark Storm Team” strengthened the case for the outages being caused by an attack. The group took responsibility on its Telegram channel. “How are you elon musk? I hope you liked our visit,” read one missive.

Dark Storm Team appears to be one of a handful of hacktivist groups dedicated to launching DDoS attacks against Western targets that coalesced in the wake of Russia’s February 2022 invasion of Ukraine. French firm Orange Cyberdefense in 2024 characterized Dark Storm Team as pro-Palestinian with “unconfirmed links with Russia highly likely.”

A swath of groups – some apparently nurtured by the Russian government – such as Killnet, NoName057(16) and Cyber Army of Russia Reborn have kept up a drumbeat of DDoS attacks that rarely rise beyond the level of nuisance (see: Russian DDoS Groups Frothing After Europe Backs Ukraine).

Dark Storm Team has coordinated attacks with Killnet and other groups, Orange Cyberdefense wrote. It also worked with Anonymous Sudan, a now-disrupted DDoS group that launched hundreds of attacks while renting out its cloud-based DDoS system.

Dark Storm Team appears to do the same, interspersing posts about attacks with messages stating “if you want buy DD@s attack contact : @MRHELL112.”

Anonymous Sudan demonstrated that DDoS operations no longer need to rely on a traditional botnet composed of compromised routers or internet of things devices. U.S. federal prosecutors who indicted the two Sudanese brothers accused of running the operation said they used cloud servers to forward commands to an array of open proxy resolvers. Those resolvers can be used to create reflection attacks that amplify a small amount of internet traffic into an overwhelming load.

Musk’s management of the social media platform has caused it to be less resilient. He fired the majority of a 7,500-employee workforce, including cybersecurity staff, following his takeover of Twitter. In an episode chronicled by biographer Walter Isaacson, Musk in December 2022 stormed into a Sacramento data center and unplugged Twitter server racks before loading them on a semi-truck destined for Oregon. The site crashed four days later.

Technical difficulties have since continued, including a May 2023 livestream in which Musk hosted Florida Republican Gov. Ron DeSantis’s announcement of a White House bid.

Former Twitter security chief Peiter Zatko, who left before the Musk acquisition, in a July 2022 “whistleblower report” said Twitter lacked data center redundancy sufficient to recover “from even minor overlapping data center failure, raising the risk of a brief outage to that of a catastrophic and existential risk for Twitter’s survival.”
