A cybersecurity expert has cautioned against prematurely “pointing the finger” at Ukraine after Elon Musk said X’s outage had links to the country.

Mr Musk claimed the platform, formerly known as Twitter, was under a “massive cyberattack” by those who had “IP addresses originating in the Ukraine area,” in an interview with Fox Business Network.

The widespread access issues led to more than 40,000 user reports on Downdetector.com, which peaked at 11am UK time and again four hours later on Monday.

Jake Moore, global cybersecurity adviser at software security firm Eset, said he was “confident” it was a distributed denial-of-service (DDoS) attack, which uses multiple IP addresses flooding a server or website with internet traffic.

He said it would be “dangerous to point the finger” at Ukraine solely based on IP address location.

“Unfortunately, X remains one of the most talked about platforms making it a typical target for hackers marking their own territory,” he said.

“All that can be done to future proof their networks is to continue to expect the unexpected and build even more robust DDoS protection layers.

“IP addresses can also be directed via software to be seen to have originated anywhere in the world.

“Therefore, even if their analysis suggests Ukraine, it would be dangerous to point the finger so early on.”

Mr Moore added that “simple analysis” of the IP addresses would point towards their location, but that this can be “tampered with” to make it seem that the origin is in a different country.

“Without seeing the report of the investigation it would be difficult to agree with this accusation either way.”

The former chief executive of the National Cyber Security Centre (NCSC), Ciaran Martin, told BBC Radio 4’s Today programme that it was a “remarkable incident”.

Mr Martin said: “I am very surprised that X fell over as a result of a DDoS attack, it’s a very large-scale DDoS attack but it’s not that sophisticated, it’s a very old technique.”

He said that he could not think of an example of a company the size of X “falling over” due to a DDoS attack “for a very long time”, adding that it “doesn’t reflect well on their cybersecurity”.

Mr Martin said that Mr Musk’s claim that the attack had links to Ukraine was “wholly unconvincing based on the evidence so far” and “pretty much garbage”.

Toby Lewis, of cybersecurity firm Darktrace, said: “This appears to be a fairly standard DDoS attack on X – essentially an overwhelming amount of traffic designed to disrupt the service.

“Like all DDoS attacks, the effect is temporary, and so users to X this morning may well not spot anything wrong at all.

“Importantly, these sorts of attacks are almost always delivered by botnets. Globally distributed networks of computers that have been unknowingly recruited to take part in the attack – typically through some form of compromise or the use of malware.”

Meanwhile, David Mound, of third-party risk management platform SecurityScorecard, said: “Beyond technique evolution, DDoS motivations are shifting.

“Hacktivism has resurged, with groups like Killnet and Anonymous Sudan launching politically motivated disruptions against governments, financial institutions, and infrastructure providers.

“Meanwhile, ransom DDoS campaigns have increased, with attackers extorting businesses by threatening prolonged downtime.

“Nation-state actors are also employing DDoS as part of broader cyber influence and disruption campaigns, particularly in geopolitical conflicts.”

Mr Musk, who is acting as an adviser on federal spending to Donald Trump, previously said Ukrainian president Volodymyr Zelensky is running a “fraud machine feeding off the dead bodies of soldiers”, suggesting limited appetite for continued American support for Ukraine.

The Tesla CEO bought the site, formerly Twitter, in 2022.