X outage linked to same botnet that targeted DeepSeek in late January: Chinese cybersecurity firm

Elon Musk suffered double blows in one day. In addition to Tesla's stock sell-off, his social media platform X (formerly Twitter) faced a massive cyberattack on Monday U.S. local time. According to a Chinese cybersecurity firm, the attack was attributed to the same main botnet that targeted Chinese AI start-up DeepSeek during the Spring Festival in late January.

The timing of the attacks coincided with the downtime of X. The scale and intensity of the attacks directly caused X to crash three times, according to a release sent to the Global Times by Chinese cybersecurity firm Qi An Xin.

The XLab, which belongs to QAX, has discovered that the botnet used in this attack against X is a variant of Mirai known as RapperBot, which belongs to the same group of botnets that attacked DeepSeek during the Spring Festival of 2025 in late January, according to the release. RapperBot is known for its high-intensity traffic attacks, capable of quickly incapacitating target servers, said the company.

According to Downdetector, a website that tracks users’ reports of online outages, the outage occurred mainly between 10 pm on Monday and 2 am on Tuesday, Beijing time. “We observed that the attack commands were also distributed during this time,” said an XLab security expert. Combining this with the timeline of the cyberattack on X publicly disclosed by Musk, it’s speculated that the botnet attack was one of the reasons for X’s outage, said the release.

X was inaccessible on Monday morning for thousands of users, including many in the U.S., Xinhua News Agency reported.

After about eight hours of outage, Musk posted that the platform faced a “massive cyberattack,” according to Xinhua. “There was (still is) a massive cyberattack against X. We get attacked every day, but this was done with a lot of resources,” Musk wrote on X.

“We’re not sure exactly what happened, but there was a massive cyberattack to try to bring down the ecosystem with IP addresses originating in the Ukraine area,” Musk said in an interview with Fox Business on Monday, according to the Fox Business report.

According to the release, RapperBot botnet is not an ordinary hacker organization but a “professional” one that offers paid attack services. Its scale of attacks and resource input far exceed those of typical cyberattacks, potentially involving support from large organizations or even state-level entities, the release said.

XLab has found that the RapperBot botnet remains highly active year-round, with attack targets spread across the globe. It specializes in providing distributed denial of service (DDoS) for others, averaging attacks on hundreds of targets daily, with peak periods issuing thousands of commands. The attack targets are distributed in regions including Brazil, Belarus, Russia, China, and Sweden, according to the company release.

Also, Tesla’s sell-off on Wall Street intensified on Monday, with shares of the electric vehicle maker plunging 15 percent, their worst day on the market since September 2020, CNBC reported.

Since peaking at $479.86 on December 17, Tesla shares have lost more than 50 percent of their value, wiping out upward of $800 billion in market cap. Monday marked the stock’s seventh worst day on record, according to the CNBC report.

The large-scale DDoS attack on X not only exposes the severe cybersecurity challenges but also raises speculation about the forces behind the attack. For technology companies, such attacks can lead to serious consequences, including service interruptions, business paralysis, data leakage, and can also bring negative impact toward their brand image in a long-term, said the Chinese cybersecurity firm.