DeepSeek AI Faces ‘Well Planned’ DDoS Attacks, According to NSFocus

DeepSeek Under Attack: Understanding the DDoS Threats
Overview of DeepSeek and Its Launch
AI startup DeepSeek attracted significant interest when it launched its first-generation large language models, DeepSeek-R1-Zero and DeepSeek-R1, on January 20. The models have been well received, both for their performance and for their low training cost. Following the release, DeepSeek's app reached a prominent position on the Apple App Store, staying ahead of established competitors such as ChatGPT.
Facing a Wave of DDoS Attacks
Despite its early success, DeepSeek has encountered serious challenges, primarily in the form of Distributed Denial of Service (DDoS) attacks. On January 27, the company announced it was dealing with “large-scale malicious attacks” that prompted it to restrict new user registrations temporarily. The company has indicated that the disruptions lasted for several days, affecting many users.
Details of the DDoS Attacks
According to a report by cybersecurity firm NSFocus released on January 27, multiple waves of DDoS attacks targeted DeepSeek, specifically its API interface. The attacks were detected at various times:
- January 25, 2025 at 15:33:31
- January 26, 2025 at 13:12:44
- January 27, 2025 at 18:09:45
The attacks primarily focused on DeepSeek’s IP address (1.94.179.165), which serves as the API interface for its operations. The average duration of these attacks was reported to be around 35 minutes.
Types of Attacks Used
NSFocus’s analysis revealed that the attackers predominantly utilized two methods:
- NTP Reflection Attacks: These leverage the Network Time Protocol to amplify traffic aimed at the target.
- Memcached Reflection Attacks: Similar to the NTP method, this approach uses vulnerable servers to flood the target with a high volume of traffic.
Additionally, NSFocus identified that DeepSeek’s chat system was also targeted on January 20, the same day the new models were released, as well as on January 25. For these attacks, the average duration was found to be approximately one hour.
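From the defender's side, both reflection types named above show up as inbound UDP traffic whose source port is the reflector's service port. The following is an added example, not code from NSFocus or DeepSeek: it groups flow records into per-service waves, and its flow format, thresholds, addresses and sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Standard UDP service ports for the two reflector types named in the report.
REFLECTOR_PORTS = {123: "ntp", 11211: "memcached"}

# Constructed flow records (not real traffic): time, src IP, src port, dst IP, proto, bytes.
# All addresses are RFC 5737 documentation ranges; 203.0.113.10 stands in for the API host.
SAMPLE_FLOWS = """\
2025-01-01T10:00:00 198.51.100.7 123 203.0.113.10 udp 468000
2025-01-01T10:00:39 198.51.100.8 123 203.0.113.10 udp 702000
2025-01-01T10:02:31 198.51.100.7 123 203.0.113.10 udp 530000
2025-01-01T10:03:10 192.0.2.44 11211 203.0.113.10 udp 2400000
2025-01-01T10:03:35 192.0.2.45 11211 203.0.113.10 udp 1900000
2025-01-01T10:06:00 192.0.2.90 53124 203.0.113.10 tcp 4200
2025-01-01T10:45:00 198.51.100.9 123 203.0.113.10 udp 90
2025-01-01T10:46:00 198.51.100.7 123 203.0.113.77 udp 800000
"""

def parse_flows(text):
    """Yield (time, src, sport, dst, proto, bytes) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip blank or malformed lines
        ts, src, sport, dst, proto, nbytes = parts
        yield datetime.fromisoformat(ts), src, int(sport), dst, proto.lower(), int(nbytes)

def reflection_waves(flows, protected_ip, min_bytes=1_000_000, gap=timedelta(minutes=5)):
    """Group inbound UDP flows sourced from reflector ports into per-service waves.
    A wave closes after `gap` without matching traffic; waves under `min_bytes`
    (e.g. a normal NTP reply) are discarded. Both thresholds are illustrative."""
    waves, current = [], {}
    for ts, src, sport, dst, proto, nbytes in sorted(flows):
        kind = REFLECTOR_PORTS.get(sport)
        if proto != "udp" or dst != protected_ip or kind is None:
            continue
        wave = current.get(kind)
        if wave is None or ts - wave["end"] > gap:
            wave = {"kind": kind, "start": ts, "end": ts, "bytes": 0, "sources": set()}
            current[kind] = wave
            waves.append(wave)
        wave["end"] = ts
        wave["bytes"] += nbytes
        wave["sources"].add(src)
    return [w for w in waves if w["bytes"] >= min_bytes]

if __name__ == "__main__":
    for w in reflection_waves(parse_flows(SAMPLE_FLOWS), "203.0.113.10"):
        print(w["kind"], w["start"], w["end"], w["bytes"], len(w["sources"]))
```

A host that never sends NTP or memcached queries has no reason to receive replies from those ports, so the same source-port match is also a candidate upstream filter rule.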
Attack Adaptations and Strategies
The research indicated that once DeepSeek changed the IP address its domain resolves to on January 28, the attackers quickly adapted their strategy and launched a new series of DDoS attacks targeting the main domain, API interface, and chat system. This quick adaptation demonstrates a level of tactical sophistication.
Research findings suggest that the attackers exhibited high levels of professionalism. They showed a precise understanding of their targets’ vulnerabilities and maintained control over attack intensity. This level of coordination points towards a well-organized cyber assault, likely orchestrated by a professional group rather than a random occurrence.
Geographic Distribution of Attack Sources
The study by NSFocus also highlighted the geographic composition of the attack sources:
- United States: 20%
- United Kingdom: 17%
- Australia: 9%
These statistics underline the international scope of the attack infrastructure used against DeepSeek.
Current Situation and Responses
While DeepSeek has not provided specific details about the attackers or the nature of the DDoS incidents, the firm is actively working to mitigate the ongoing threats and restore full service for its users. The company has not responded to all inquiries, keeping specifics about future strategies and defense mechanisms largely under wraps.
It remains clear that as AI technologies evolve, they also become attractive targets for coordinated cyber campaigns, drawing attention to the necessity for enhanced security measures in this dynamic sector.