By Patricia A. Pramono • Studio 1080, Published on February 10, 2025
Imagine an AI model that not only rivals OpenAI’s ChatGPT and Google’s Gemini AI but does so at a fraction of the cost: that is DeepSeek AI. Born out of China’s rapidly growing AI industry, this platform has stunned tech enthusiasts, researchers, and even Wall Street with its advanced reasoning capabilities, multimodal understanding, and efficiency, all while operating on a significantly smaller budget than its competitors.
DeepSeek AI is a game changer for AI chatbots. Within weeks of launching, it became the most-downloaded free app on Apple’s App Store, dethroning ChatGPT. Tech analysts marveled at its ability to perform at the same level as some of the biggest AI models on the market. Some even started questioning whether DeepSeek’s rise signaled a shift in the AI power dynamic and whether this was the moment when China’s AI industry officially caught up.
But with great success comes great scrutiny. The more disruptive DeepSeek AI became, the more attention it attracted, not just from users and investors but also from cyber attackers.
And in January 2025, that attention turned into a large-scale cyberattack that sent shockwaves through the AI world.
The Cyberattack That Crippled DeepSeek AI
Early January 2025: The First Signs
Shortly after DeepSeek AI soared to the top of the rankings, the first wave of cyberattacks quietly began. Global Times and Ecns.cn reported that, according to cybersecurity analysts at XLab (a Chinese cybersecurity firm), the initial attacks took the form of SSDP (Simple Service Discovery Protocol) and NTP (Network Time Protocol) reflection amplification attacks. These are classic DDoS (Distributed Denial-of-Service) techniques, in which attackers abuse internet protocols to flood a target with bogus traffic, overwhelming its servers and slowing down services.
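The SSDP and NTP reflection traffic described above has a recognisable shape in flow data: UDP arriving from a reflector service port (123 or 1900), unusually large packets, and many distinct source addresses all aimed at one target. The following detection routine is an added example written for this post, not code from the article or from XLab; the flow records, the target address (a TEST-NET placeholder), and the thresholds are all constructed assumptions for illustration.

```python
"""Flag UDP reflection/amplification traffic in constructed flow records.

Added example, not from the original post. The flow records below are
constructed, the target address is a documentation-range placeholder, and
the thresholds are assumptions chosen for illustration only.
"""
from collections import defaultdict

# Source ports of the reflector services named in the post (NTP, SSDP).
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP"}
VICTIM = "203.0.113.10"  # placeholder target address (TEST-NET-3)

# Constructed flows: (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
FLOWS = [
    ("198.51.100.1", 123, VICTIM, 40001, "udp", 500, 240000),   # NTP reflector
    ("198.51.100.2", 123, VICTIM, 40002, "udp", 480, 230400),   # NTP reflector
    ("198.51.100.3", 1900, VICTIM, 40003, "udp", 300, 99000),   # SSDP reflector
    ("198.51.100.4", 1900, VICTIM, 40004, "udp", 310, 102300),  # SSDP reflector
    ("198.51.100.9", 123, VICTIM, 123, "udp", 2, 180),          # legitimate NTP sync
    ("192.0.2.7", 443, VICTIM, 51000, "tcp", 20, 30000),        # ordinary web traffic
]


def detect_reflection(flows, min_sources=2, min_avg_bytes=200):
    """Return {service: (distinct_reflectors, total_bytes)} for each reflector
    service whose traffic toward VICTIM looks like reflection amplification:
    UDP from a reflector port, large average packet size, and at least
    `min_sources` distinct source addresses (the abused reflectors)."""
    per_service = defaultdict(lambda: [set(), 0])
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto != "udp" or dst != VICTIM or sport not in REFLECTOR_PORTS:
            continue
        if dport == sport:
            # Heuristic (assumption): matching ports look like a genuine
            # client/server exchange rather than a reflected reply.
            continue
        if nbytes / pkts < min_avg_bytes:
            # Small replies carry no amplification; ignore them.
            continue
        entry = per_service[REFLECTOR_PORTS[sport]]
        entry[0].add(src)
        entry[1] += nbytes
    return {svc: (len(srcs), total)
            for svc, (srcs, total) in per_service.items()
            if len(srcs) >= min_sources}


if __name__ == "__main__":
    for svc, (n, total) in detect_reflection(FLOWS).items():
        print(f"{svc}: {n} reflectors, {total} bytes toward {VICTIM}")
```

On real flow exports the same logic would group by destination address rather than a fixed VICTIM, and the thresholds would be tuned against a traffic baseline.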
At this stage, the attacks were disruptive but manageable. DeepSeek AI’s security team was able to mitigate most of the damage and keep services operational. However, this was just the beginning.
Mid-January 2025: The Attacks Get Smarter
By mid-January, the attackers changed tactics. XLab observed a shift from basic reflection amplification methods to more complex HTTP proxy attacks. Unlike the earlier attacks, which focused on overwhelming the network, these new attacks targeted the application layer, making them much harder to detect and defend against.
January 28-29, 2025: A 100x Surge in Attack Commands
Then, on the night of January 28, everything escalated.
Attack commands spiked to more than 100 times the level of the earlier waves, signaling a massive escalation. According to XLab, this surge was driven by the involvement of botnets, specifically two Mirai-variant botnets known as HailBot and RapperBot.
Botnets are networks of infected devices—often compromised computers, routers, or IoT devices—that cybercriminals control remotely to execute large-scale attacks. The entry of botnets into the attack meant that DeepSeek AI was no longer dealing with just a wave of cyberattacks—it was now facing a coordinated and relentless assault.
- Wave 1: 1:00 AM – HailBot and RapperBot launched the first major strike, utilizing 118 C2 (Command and Control) ports across 16 different servers
- Wave 2: 2:00 AM – A second wave followed almost immediately, intensifying the assault on DeepSeek’s infrastructure
January 30, 2025: The Aftermath
As the attacks continued, DeepSeek then released an urgent announcement, stating that its platform had been subjected to large-scale malicious attacks and that it would need to implement temporary restrictions.
The impact?
- DeepSeek had to limit new user registrations to Chinese mobile numbers (+86) only, effectively closing registration to international users
- The service faced major slowdowns and accessibility issues
- The attack sparked global concerns over the security of AI platforms, especially open-source AI models that might lack enterprise-level cybersecurity defenses
Reports from Forbes, CNBC, and the BBC highlighted how the attack on DeepSeek raised serious questions about AI security. If an open-source AI model with cutting-edge capabilities could be taken down by cybercriminals, what did this mean for the future of AI-driven platforms?
Security experts noted that the attackers were likely professionals, possibly engaging in cyber warfare, corporate sabotage, or financially motivated hacking. DeepSeek’s rapid rise had made it a target, and now, the company was at the center of one of the biggest AI cybersecurity incidents.
What Does This Mean for AI Security?
This attack highlights a critical issue in today’s rapidly evolving AI era: security often lags behind innovation.
AI startups, especially those that scale as fast as DeepSeek, face enormous cybersecurity challenges. The moment a company gains global attention, it also becomes a prime target for cybercriminals, hacktivists, and even competitors.
This isn’t just a DeepSeek problem but an industry-wide issue:
- Open-source AI models, while great for accessibility, can be vulnerable to exploitation
- AI platforms with API access and cloud-based operations are susceptible to DDoS attacks, data breaches, and model manipulation
- As AI continues to influence industries from finance to healthcare, securing these platforms is essential
Don’t wait until a cyberattack disrupts your operations. Whether you’re an AI-driven company or a business handling sensitive data, powerful cybersecurity is non-negotiable. Is your company prepared for such threats? Contact our team at Cisometric to learn how our Security Operations Center (SOC) can help you stay ahead of cyber risks.
References:
DeepSeek: The Chinese AI app that has the world talking
DeepSeek hit with large-scale cyberattack, says it’s limiting registrations