Did Anonymous attack X in March 2025?

In March 2025, X (formerly Twitter) experienced a significant disruption that prompted intense speculation across the internet. As users worldwide encountered outages and delays, rumors began swirling—was the hacktivist collective Anonymous behind the attack? Let’s dive into what happened, who claimed responsibility, and what role, if any, Anonymous played.

What Happened to X in March 2025?

On March 10, 2025, X experienced a wave of service outages. Reports indicated the platform was hit by a massive distributed denial-of-service (DDoS) attack, flooding the system with bogus traffic to make it unavailable to users. Elon Musk, the owner of X, responded publicly by labeling it a “very large cyberattack.” He further stated that the traffic originated from IP addresses linked to Ukraine—but added a critical caveat: just because traffic stems from a region doesn’t mean the attackers are physically located there.

Who Claimed Responsibility?

Shortly after the incident, a relatively new but increasingly active group called Dark Storm Team came forward and claimed credit for the attack. This collective, reportedly driven by pro-Palestinian motives, has previously launched digital offensives against Western-aligned institutions, including public services, websites, and media outlets. They made their announcement via encrypted Telegram channels and various darknet forums, stating that their objective was to strike back at platforms they believe suppress certain political voices.

Did Anonymous Actually Launch the Attack?

Despite popular rumors, there is no concrete evidence linking the March 2025 X outage to the original Anonymous group.

Here’s why:

  • The attack method—a botnet-based DDoS using vulnerable IoT devices (such as webcams and routers)—isn’t a traditional Anonymous tactic. Anonymous often focuses on data leaks, defacements, or coordinated digital protests.

  • Dark Storm Team claimed the attack directly and had the means, motives, and history to back it up.

  • While some fringe accounts bearing the Anonymous label did echo support or shared similar political messages around that time, there was no official statement or operation linked to the original Anonymous networks regarding this specific attack.

What Was Anonymous Doing During That Time?

Interestingly, Anonymous did make headlines in late March 2025, though for something entirely different.

A widely followed account on X, associated with the Anonymous name, shared a cryptic warning:

“Identify your nearest border crossing. #3E”

The message raised concerns, particularly due to the mysterious #3E hashtag, which reportedly stood for:

  • End Impunity

  • End Autogenocide

  • End Oligarchy

This post seemed more like a political rallying cry than a declaration of a cyber operation. It captured attention but did not mention or relate to the DDoS incident on X earlier that month.

The Technical Side: How the Attack Worked

Cybersecurity experts traced the attack back to a large-scale botnet, most likely a modified version of the notorious Mirai botnet, which is made up of thousands of hijacked Internet of Things devices. These devices were scattered across the globe, making it nearly impossible to pin down a specific country or entity. The flood of traffic overwhelmed X’s infrastructure, revealing misconfigured servers and poor shielding from direct IP-based traffic—something cybersecurity specialists criticized publicly.
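As an added example (not from the original article, and not X's own tooling), here is one way a defender could audit origin access logs for the "direct IP-based traffic" gap described above. It assumes the phrase means requests that reach an origin server without passing through the DDoS-protection proxy layer; the proxy ranges, log format and log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed proxy egress ranges (documentation address space), standing in
# for the published ranges of whichever DDoS-protection proxy fronts the origin.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed origin access-log lines: client_ip "METHOD path" host=<Host header>
SAMPLE_LOG = """\
192.0.2.17 "GET /home" host=www.example.test
198.51.100.9 "GET /api/feed" host=www.example.test
203.0.113.5 "GET /" host=203.0.113.80
203.0.113.77 "GET /" host=www.example.test
198.51.100.200 "GET /" host=203.0.113.80
not a log line
"""
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" host=(\S+)$')

def is_ip_literal(host):
    """True when the Host header names an address instead of a hostname."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def audit(log_text):
    """Return (findings, counts) for requests that did not come via the proxy."""
    findings, counts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            src = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            src = None
        if src is None:
            counts["unparsed"] += 1
            continue
        reasons = []
        if not any(src in net for net in PROXY_RANGES):
            reasons.append("source-outside-proxy-ranges")
        if is_ip_literal(m.group(4)):
            reasons.append("host-header-is-ip")
        counts["bypass" if reasons else "via-proxy"] += 1
        if reasons:
            findings.append((str(src), reasons))
    return findings, counts

print(dict(audit(SAMPLE_LOG)[1]))
```

Any non-zero "bypass" count means the origin is answering clients the proxy never saw, which is the condition an allowlist of proxy ranges at the origin firewall is meant to close.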

Can We Trust Attribution in Cyberattacks?

Attribution in the digital world is notoriously murky. Even if logs show traffic originating from a certain region, it’s often just the proxy layer—the surface—and not where the attackers truly reside. Groups often spoof their attacks, bounce traffic through multiple countries, or use hijacked infrastructure to obfuscate their identities. In this case, while Elon Musk suggested Ukrainian IPs were involved, experts caution that these IPs likely belonged to compromised machines within a global botnet, not individuals in Ukraine.

Who is Dark Storm Team?

Emerging in 2023, Dark Storm Team has quickly risen in notoriety among hacktivist circles. Their operations often align with Middle Eastern political causes, especially in response to global events involving Palestine, Israel, and Western military involvement.

Their usual playbook includes:

  • DDoS attacks on government and private sector websites

  • Targeting transportation infrastructure

  • Disrupting communication tools used by political opponents

The March 2025 attack on X fits this profile perfectly.

Anonymous vs. Copycats

Over the years, many groups have used the “Anonymous” name, leading to confusion.

  • Anonymous Sudan is a known example of a group unaffiliated with the original Anonymous, though it conducted attacks in 2023 using similar branding.

  • Similarly, accounts with Anonymous-themed avatars may post threats or support cyber actions, but they are often decentralized individuals acting independently.

  • The real Anonymous collective operates through well-known channels and usually shares manifestos or announcements through established accounts and forums.

In this case, none of those were activated or used to claim responsibility for the March 2025 X attack.

Summary

| Event | Date | Involved Group | Key Takeaway |
| --- | --- | --- | --- |
| X outage (DDoS) | March 10, 2025 | Dark Storm Team | Botnet attack causing hours of disruption |
| Anonymous border warning | March 22, 2025 | Anonymous (media post) | Political post, not an actual cyberattack |
| Attribution claims | March 2025 | Elon Musk + experts | Ukraine IPs noted, but not source of attack |
| Attack method | March 2025 | N/A | IoT-based Mirai botnet, typical of Dark Storm operations |

Conclusion

The March 2025 cyberattack on X was not orchestrated by Anonymous, despite widespread social media buzz. The true culprits—Dark Storm Team—have a clear track record of politically motivated DDoS campaigns and publicly claimed the operation. While Anonymous did make noise around the same time, their focus was elsewhere—spreading politically charged messages, not knocking websites offline. In the age of digital misinformation and decentralized hacktivism, separating fact from rumor has never been more important. This case underscores the need for clear attribution and deep technical analysis before jumping to conclusions.
