The DeepSeek platform, an open-source generative AI, continues to face a series of DDoS attacks , according to the NSFOCUS Global Threat Hunting System, a global reference in cybersecurity.
Last Friday (31), NSFOCUS detected three waves of DDoS attacks targeting the IP address 1.94.179.165. The first, at 15:33:31, on January 25, the second at 13:12:44 (on the 26th), and another on the 27th, at 18:09:45 (GMT+8).
According to the cybersecurity company, the average duration of the attacks was 35 minutes, with the criminals primarily targeting DeepSeek through Network Time Protocol (NTP) reflection attacks and memcached reflection attacks.
In addition to the DeepSeek API interface, NSFOCUS detected two waves of attacks against the DeepSeek chat system interface, on January 20th—the day DeepSeek-R1 was launched—and another on January 25th. The average duration of the attacks was one hour, and the main methods included NTP reflection and Simple Service Discovery Protocol reflection. The three main sources of attack infrastructure were the United States (20%), the United Kingdom (17%), and Australia (9%).
According to Raphael Tedesco, NSFOCUS's business manager for Latin America, when DeepSeek's resolution IP address was changed (on January 28), the attacker "quickly adjusted" its strategy and launched a new round of DDoS attacks on the main domain name, the API interface, and the chat system, reflecting the high complexity of the tactic used.
“From target selection to precise timing and then flexible control of attack intensity, the attacker demonstrates extremely high professionalism at every stage. The highly coordinated and precise attacks suggest that the incident was not accidental, but rather well-planned and organized, executed by a professional team,” Tedesco points out.
Received with fervor since its arrival on the market, with large-scale, first-generation language models and low training costs, the platform continues to lead ChatGPT, its main competitor, in the Apple App Store's free app chart.
