AI startup DeepSeek has been dealing with a series of DDoS attacks, according to cybersecurity firm NSFocus. Since launching its large language models, DeepSeek-R1-Zero and DeepSeek-R1, on January 20, the company has gained significant traction, especially due to the reportedly low cost of training its models. The app has even stayed ahead of ChatGPT on Apple’s free app charts.
However, on January 27, DeepSeek announced that it was being hit by large-scale cyberattacks, forcing it to limit new user registrations. Service disruptions lasted for several days, and only recently have some users regained access. DeepSeek has not disclosed details about the attackers or the exact nature of the attacks and has not responded to media inquiries.
On Friday, NSFocus released a report stating that its Global Threat Hunting System had detected three waves of DDoS attacks against DeepSeek’s API interface (api.deepseek.com). These attacks occurred on January 25, 26, and 27, with an average duration of 35 minutes. Attackers mainly used Network Time Protocol (NTP) reflection and memcached reflection methods to overwhelm the system.
DeepSeek’s chat system was also targeted, with two waves of attacks detected on January 20—the day DeepSeek-R1 launched—and January 25. These attacks lasted about an hour on average and leveraged NTP reflection and Simple Service Discovery Protocol (SSDP) reflection techniques.
On January 28, DeepSeek switched its resolving IP address in an attempt to mitigate the attacks. However, the attackers quickly adapted, launching another round of attacks on DeepSeek’s main domain, API interface, and chat system. NSFocus researchers noted the precision and adaptability of these attacks, suggesting they were highly coordinated and likely the work of a professional team. The attackers demonstrated expertise in selecting targets, timing, and adjusting attack intensity.
The report identified the U.S., U.K., and Australia as the top three sources of attack infrastructure, with 20%, 17%, and 9% of the traffic coming from these regions, respectively.
Despite efforts to contain the situation, DeepSeek continues to navigate these cyber threats. The attacks highlight the increasing challenges AI companies face as they gain prominence in the industry.