X, the social media platform formerly known as Twitter, experienced multiple global outages, affecting users in countries including the United States, the United Kingdom, India, Australia, Nigeria and Canada. These disruptions, which occurred in at least three distinct waves, began around 5:30 a.m. ET on 10th March and continued intermittently throughout the day, with peak reports of issues reaching over 41,000 according to outage tracking site Downdetector. Users reported problems such as inability to load the app or website, refresh timelines, post content, or log in, with the majority of issues affecting the mobile app (around 58% of complaints) and the website (32%).
Elon Musk, the owner of X, attributed the outages to a “massive cyberattack,” specifically claiming it was a distributed denial-of-service (DDoS) attack, which overwhelms servers with traffic to disrupt service. He suggested the attack required significant resources, potentially involving a “large, coordinated group and/or a country,” and in a Fox Business interview, he claimed that the IP addresses involved originated in the “Ukraine area.”
However, cybersecurity experts have expressed skepticism about these claims, noting that tracing IP addresses in DDoS attacks is unreliable due to the use of compromised devices worldwide, which can mask the true origin. Additionally, a pro-Palestinian hacktivist group called DarkStorm claimed responsibility for the attack via a Telegram post, stating it was a DDoS attack aimed at disrupting X’s services, though this claim has not been independently verified.
Register for Tekedia Mini-MBA edition 17 (June 9 – Sept 6, 2025) today for early bird discounts. Do annual for access to Blucera.com.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register to become a better CEO or Director with Tekedia CEO & Director Program.
The outages were significant, with some lasting up to several hours, marking one of the longest disruptions in X’s recent history. While the platform experienced partial restoration of services in some regions, the repeated nature of the outages raised questions about the platform’s stability, especially following significant staff reductions and infrastructure changes since Musk’s acquisition of the company in October 2022.
Critics have pointed to these changes, including the layoffs of around 80% of the original staff, as potential factors weakening the platform’s resilience to such incidents. However, without official confirmation of the attack’s cause or perpetrators, the exact reason for the outages remains uncertain, and the narrative of a state-sponsored attack, particularly from Ukraine, has been met with caution by experts due to lack of concrete evidence.
In addition to Dark Storm, the pro-Palestinian hacktivist group that claimed responsibility for the March 10, 2025, cyberattacks on X, numerous other hacktivist groups have been active globally, often driven by ideological, political, nationalistic, or opportunistic motives. Below is an overview of some notable hacktivist groups, their motivations, and their typical targets, providing context to the broader landscape of hacktivism.
One of the most well-known hacktivist collectives is Anonymous, a decentralized, non-hierarchical movement that emerged in the early 2000s. Anonymous is recognized for its advocacy of free speech, government transparency, internet freedom, and social justice, often targeting entities perceived as corrupt or oppressive, such as governments, corporations, religious organizations, and extremist groups.
Their operations, including high-profile campaigns like Project Chanology against the Church of Scientology and cyberattacks on Russian targets following the 2022 invasion of Ukraine, have made them a prominent symbol of hacktivism. Anonymous often employs tactics like DDoS attacks, data leaks, and website defacements, though some within the movement, like former member Oxblood Ruffin, have criticized the use of DDoS attacks as contrary to free speech principles.
Another significant group is RedHack, a Turkish Marxist-Leninist hacktivist collective founded in 1997. RedHack focuses on promoting social and political change in Turkey and beyond, targeting government agencies, political parties, and corporations to support causes such as workers’ rights and opposition to internet censorship. Their actions, such as releasing sensitive government documents and defacing websites, have led to conflicts with the Turkish government, resulting in arrests and prosecutions of several members, though the group remains active.
GhostSec, a spinoff of Anonymous that emerged in 2015, is known for its efforts to combat online extremism and terrorism, particularly targeting the online propaganda and recruitment efforts of groups like ISIS. GhostSec monitors social media platforms, identifies extremist content, and takes down associated websites and accounts. While praised for disrupting terrorist activities, their vigilante tactics have raised ethical and legal concerns, particularly around censorship and accountability.
AntiSec, formed in 2011 as a collaboration between Anonymous and LulzSec, aims to expose and disrupt systems of government and corporate power perceived as unjust or oppressive. Their tactics include website defacements, data breaches, and DDoS attacks, often targeting high-profile organizations to highlight vulnerabilities and challenge authority. AntiSec’s activities underscore the overlap between hacktivism and cybercrime, as their methods, while ideologically driven, often involve illegal actions.
The IT Army of Ukraine, formed in response to the 2022 Russian invasion of Ukraine, is a volunteer cyberwarfare organization focused on protecting Ukraine from Russian cyberattacks and launching counteroperations against Russian targets. This group exemplifies nationalistic hacktivism, leveraging technical expertise to support state interests during geopolitical conflicts, often targeting Russian government and infrastructure websites.
Other notable groups include Killnet, a pro-Russian hacktivist collective known for attacking government institutions in countries opposing Russian interests, and NoName057(16), a pro-Russian group that has been highly active in DDoS attacks, particularly against nations supporting Ukraine, such as Israel, India, and Poland.
Anonymous Sudan, despite its name, is a religiously motivated group rather than a politically aligned one, often targeting entities perceived as anti-Muslim, though some speculate ties to Russian interests due to attack patterns. These groups illustrate the diverse motivations within hacktivism, ranging from ideological and political agendas to nationalistic and opportunistic goals.
While some, like Anonymous, frame their actions as digital civil disobedience, others, such as Killnet or NoName057(16), align closely with state interests, blurring the line between hacktivism and state-sponsored cyber operations. The tactics used—DDoS attacks, data leaks, website defacements, and doxing—are consistent across groups, but their targets and justifications vary widely, reflecting the complex and often contentious nature of hacktivism in the digital age.