China’s AI start-up DeepSeek has faced a significant cyberattack, which is believed to have originated from the United States.
According to China’s state broadcaster CCTV, the attack began on January 3 and reached its peak on Monday and Tuesday, with a major brute-force effort coming from U.S.-based IP addresses.
The cyberattack targeted DeepSeek, which had recently launched an AI assistant model designed to operate at a lower cost compared to existing U.S. counterparts. The cyberattack escalated quickly, raising concerns about the security of DeepSeek’s operations and the broader impact on China’s growing AI industry.
Brute-force attacks and Distributed Denial-of-Service (DDoS)
The attack on DeepSeek came in multiple stages. Early on, the company faced Distributed Denial-of-Service (DDoS) attacks, as reported by South China Morning Post. These attacks work by overwhelming a system with excessive internet traffic, making it difficult for servers to function properly.
According to experts from XLab (via Global Times), a Chinese cybersecurity firm, the cyberattacks have intensified both in scale and complexity. The DDoS attacks were the initial phase, but they soon gave way to brute-force attempts. These brute-force attacks aimed to crack user IDs and passwords, potentially allowing the attackers to access DeepSeek’s platform and understand its underlying AI technology.
A brute-force attack involves systematically testing all possible password combinations until the correct one is found. Once an attacker gains access to user accounts, they can impersonate legitimate users and gain insight into how the system works.
Wang Hui, a cybersecurity expert from QAX Technology Group, told CCTV, “All the attack IPs were recorded, all are from the US.” This statement highlights the geographic origins of the assault, which were traced back to the U.S.
XLab’s reports indicate that the source of these attacks has been widespread, with IPs coming from the U.S., Singapore, the Netherlands, Germany, and even domestically within China. These findings paint a picture of a sophisticated and well-coordinated assault on DeepSeek’s growing platform.
In response to the cyberattacks, DeepSeek made the decision to limit new registrations to users with mainland Chinese mobile numbers. This move was necessary due to the significant registration issues caused by the ongoing attacks. (Yahoonews)