The open-source generative AI platform DeepSeek continues to face aseries of DDoS attacks, according to the NSFOCUS Global Threat Hunting System, a global reference in cybersecurity.
Last Friday (31st), NSFOCUS detected three waves of DDoS attacks targeting the IP address 1.94.179.165. The first, at 15:33:31 on January 25th, the second at 13:12:44 (on the 26th), and another on the 27th at 18:09:45 (GMT+8).
According to the cybersecurity firm, the average duration of the attacks was 35 minutes, with the criminals mainly targeting DeepSeek through Network Time Protocol (NTP) reflection and memcached reflection attacks.
In addition to the DeepSeek API interface, NSFOCUS detected two waves of attacks against the DeepSeek chat system interface, on January 20th — the day DeepSeek-R1 was launched — and another on the 25th. The average duration of the attacks was one hour, and the main methods included NTP reflection and Simple Service Discovery Protocol reflection. The three main sources of attack infrastructure were the United States (20%), the United Kingdom (17%), and Australia (9%).
According to Raphael Tedesco, NSFOCUS business manager for Latin America, when DeepSeek’s resolving IP address was changed (on January 28), the attacker “quickly adjusted” its strategy and launched a new round of DDoS attacks on the main domain name, API interface and chat system, which reflects the high complexity of the tactic used.
“From target selection to precise understanding of timing and then flexible control of the attack intensity, the attacker displays extremely high professionalism at every step. The highly coordinated and precise attacks suggest that the incident was not accidental, but rather well planned and organized, carried out by a professional team,” Tedesco points out.
Received with enthusiasm since its arrival on the market, with large-scale first-generation language models and low cost to train them, the platform continues to be ahead of ChatGPT, its main competitor, in the Apple App Store's free apps chart.
