DeepSeek, an open source generative AI platform, continues to face a DDoS attack seriesaccording to the NSFOCUS Global Threat Hunt System, a global benchmark in cybersecurity.
Last Friday (31), NSFOCUS detected three waves of DDoS attacks targeting the IP address 1.94.179.165. The first, at 15:33:31, on January 25, the second at 13:12:44 (day 26), and another day 27, at 18:09:45 (GMT+8).
According to the cybersecurity company, the average duration of the attacks was 35 minutes, with the criminals primarily targeting DeepSeek through Network Time Protocol (NTP) reflection attacks and memcached reflection.
In addition to the DeepSeek API interface, NSFOCUS detected two waves of attacks against the DeepSeek chat system interface on January 20th the day DeepSeek-R1 was released 25th and another day 25th. The average duration of attacks was one hour, and the main methods included NTP reflection and Simple Service Discovery Protocol reflection. The three main sources of attack infrastructure were the United States (20%), the United Kingdom (17%) and Australia (9%).
According to Raphael Tedesco, NSFOCUS business manager for Latin America, when the DeepSeek resolution IP address was changed (on January 28), the attacker “ quickly adjusted” its strategy and launched a new round of DDoS attacks on the main domain name, API interface and chat system, which reflects the high complexity of the tactic used.
From target selection to precise time understanding and then flexible control of attack intensity, the attacker shows extremely high professionalism at each step.The highly coordinated and accurate attacks suggest that the incident was not accidental, but rather well planned and organized, executed by a professional” team, Tedesco points out.
Welcomed with fervor since its arrival on the market, with first-generation, low-cost, large-scale language models to train them, the platform remains ahead of ChatGPT, the main competitor, in the free app chart of the Apple App Store.
