DeepSeek, a rising name in artificial intelligence, has faced large-scale DDoS attacks since its reasoning model was released on January 20th. The attack came just as the company was experiencing a surge in popularity, overtaking OpenAI’s ChatGPT as the most downloaded free app on Apple’s App Store. While DeepSeek has since restored access to its V3 and DeepThink (R1) models, its web search functionality remains offline, limiting the platform’s full capabilities.
What happened?
These attacks were not random but appeared to be highly coordinated and strategically executed. The initial waves targeted DeepSeek’s API interface on January 25th, 26th, and 27th, 2025, with each assault lasting about 35 minutes. Attackers employed Network Time Protocol (NTP) and memcached reflection techniques, indicating a level of expertise in exploiting these vulnerabilities.
The chat system was also hit on January 20th and 25th, with attacks averaging an hour and using NTP and Simple Service Discovery Protocol reflection. The timing coincided with the release of DeepSeek-R1, suggesting a deliberate attempt to disrupt the launch.
When DeepSeek switched its resolving IP address on January 28th, the attackers quickly adapted, launching new attacks on the main domain, API, and chat system. This rapid response reflects a high degree of tactical literacy and professionalism, pointing to a well-planned operation by a skilled team rather than an opportunistic strike. The attackers’ ability to adjust their strategy and maintain pressure on DeepSeek underscores the persistent and evolving nature of cyber threats today.
The infrastructure for these attacks was primarily based in the U.S. (20%), the U.K. (17%), and Australia (9%), DeepSeek did not specify any details of the attacks or attackers and has not to date commented on the incidents to the media in detail.
AI companies face growing challenges as they scale, and DeepSeek is no exception. Its open-source R1 reasoning model has drawn attention for its affordability and flexibility, driving a surge in interest. But with rising demand comes increased pressure to keep services stable—especially when dealing with targeted cyber threats. As DeepSeek works to restore full functionality, the tech community is paying close attention – not just to its models’ potential, but also to the need for strong security measures against the evolving threat landscape against popular AI applications.
About FastNetMon
FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard.