Cyberattacks against Chinese AI start-up DeepSeek intensified sharply on Thursday, with attack commands increasing by more than 100 times compared to the previous wave on Tuesday, according to insights from Chinese cybersecurity firm XLab.
BOTNET INVOLVEMENT AND ESCALATING ATTACK STRATEGIES
XLab reported that at least two botnets were detected participating in the attacks, launching two separate waves of intrusions on Thursday.
Since early January, DeepSeek has faced persistent and large-scale DDoS attacks, according to XLab’s findings. Initially, the attacks primarily relied on SSDP and NTP reflection amplification techniques. By Tuesday, attackers had added a large number of HTTP proxy attacks, further complicating defense measures. Early Thursday morning, botnet activity was identified, marking a new phase in the escalation. The growing complexity of the attack methods has made mitigation increasingly difficult and heightened DeepSeek’s security challenges, an XLab security expert told the Global Times anonymously.
Over nearly a month of continuous monitoring, XLab observed that the attacks have evolved in sophistication: from initial amplification attacks that were easier to counter to more complex HTTP proxy attacks at the application layer and now to botnet-based assaults. Attackers are deploying a combination of techniques, making the attacks more difficult to defend against.
TWO MAJOR BOTNETS DETECTED
A report from XLab revealed that in the early hours of Thursday, two Mirai-variant botnets, HailBot and RapperBot, were actively involved. These botnets executed two waves of attacks, occurring separately at 1 AM and 2 AM, utilizing 118 C2 ports across 16 C2 servers.
“The presence of botnets signifies the involvement of professional attackers,” noted the XLab expert.
Botnets consist of devices compromised and controlled through malicious software, often called “bots” or “zombies.” Attackers use Command and Control (C&C) servers to direct these devices to execute large-scale DDoS attacks. As the volume of attack traffic increases, targeted servers become overwhelmed, leading to service disruptions or complete paralysis.
HailBot and RapperBot are well-established botnets known for executing professional DDoS attacks worldwide. RapperBot, for instance, targets over 100 entities daily, with peak attack volumes reaching thousands of commands. Its victims are spread across various regions, including Brazil, Belarus, Russia, China, and Sweden. HailBot, meanwhile, maintains consistent attack patterns, targeting entities across China, the U.S., the U.K., Hong Kong, and Germany with thousands of daily attack commands, according to XLab.
XLab identified that these botnets frequently operate on a “for-hire” basis, fitting the profile of professional cyber mercenaries. “Although botnet attacks are an older technique, they remain highly effective. The attacks early this morning clearly indicate that the perpetrators have employed professional botnet attack services,” the XLab expert added.
IMPACT ON DEEPSEEK AND AI SECURITY CONCERNS
DeepSeek gained widespread recognition after launching its open-source AI model, DeepSeek-R1, in early January. The model introduced a significant technological advancement, enabling AI to develop reasoning abilities purely through deep learning methodologies.
On Tuesday, just before the Chinese New Year, the company unveiled its latest open-source multimodal model, Janus-Pro—an upgraded version of the previous Janus model. This new model significantly enhances multimodal understanding and visual generation capabilities and reportedly outperformed OpenAI in benchmark evaluations.
Over the past month, the sustained cyberattacks have disrupted DeepSeek’s registration and service operations. In response to the attacks, DeepSeek acknowledged on Tuesday that its online platform had been subjected to large-scale malicious intrusions. The company temporarily restricted new registrations to users with +86 mobile phone numbers to maintain functionality.
Tuesday’s attacks also raised global concerns regarding the security of AI services. Forbes reported that the cyberattack, which forced DeepSeek to suspend new user registrations, was likely a distributed denial-of-service (DDoS) assault targeting its API and web-based chat platform. “Although existing users retain access, the incident highlights broader concerns about the security of AI-driven platforms and the potential risks they present to consumers,” the Forbes report stated.
Source: https://www.globaltimes.cn/page/202501/1327697.shtml