Cyberattack on DeepSeek, including brute-force assault, started in US: Chinese state media

Name: Chinese AI disrupter DeepSeek claims top spot in US App Store, dethroning ChatGPT
Uploaded: 2025-01-30T03:09:13.000Z
Duration: 5 min 10 s
Description: Chinese AI disrupter DeepSeek claims top spot in US App Store, dethroning ChatGPT

Early assault on AI start-up reported to include denial-of-service attacks aiming to overwhelm servers and bandwidth with internet traffic

Reading Time:2 minutes

Why you can trust SCMP

Chinese state media says a cyberattack on DeepSeek started on January 3 and reached a peak on Monday and Tuesday. Photo: Reuters

William Zheng

Published: 11:09am, 30 Jan 2025Updated: 8:44pm, 30 Jan 2025

A massive cyberattack targeting China’s AI start-up DeepSeek originated in the US, according to Chinese state broadcaster CCTV.

The cyberattack on DeepSeek started on January 3 and reached a peak on Monday and Tuesday with a massive brute-force attack from US IP addresses, Yuyuan Tantian, a social media account affiliated with CCTV, said on Wednesday.

DeepSeek last week launched a free and open-sourced AI assistant that claimed to use less data at a fraction of the cost of existing US artificial intelligence models. The disclosure was regarded by some as a “Sputnik moment” for America’s AI industry for possibly marking a turning point in the level of investment needed for artificial intelligence.

05:10

Chinese AI disrupter DeepSeek claims top spot in US App Store, dethroning ChatGPT

DeepSeek said on Monday it would temporarily limit new registrations to users with mainland Chinese mobile numbers because of a “large-scale malicious attack” which had resulted in problems in registration.

The earlier stage of the cyberattack contained more distributed denial-of-service (DDoS) attacks that aimed to disrupt DeepSeek’s normal service by overwhelming its servers and bandwidth with a flood of internet traffic, CCTV said, citing a report from Chinese cybersecurity company QAX Technology Group.

It said the more recent attacks were primarily brute-force attacks, aiming to crack user IDs and passwords in an effort to understand how DeepSeek works.

A brute-force attack will systematically check all possible passwords and passphrases until the correct one is found. With the compromised IDs and passwords, the attacker can pretend to be the registered users of web services to use and analyse their services.

“All the attack IPs were recorded – all are from the US,” Wang Hui, a QAX cybersecurity expert, told CCTV.