Cyberattack forces Chinese AI platform DeepSeek to pause user sign-ups

New registrations are limited at DeepSeek

DeepSeek suffers from brute force attacks combined with DDoS

DeepSeek, a Chinese artificial intelligence startup, has recently faced a large-scale cyberattack that has temporarily halted new user registrations. This comes after the company’s DeepSeek-V3 AI assistant skyrocketed in popularity, becoming the top-rated free app on the Apple App Store in the United States.[1]

Launched in January 2025, DeepSeek’s AI assistant was praised for its ability to deliver powerful results at a fraction of the cost of other models, such as OpenAI’s ChatGPT.[2] This breakthrough in AI technology quickly attracted millions of users, but it also brought with it a significant challenge: cyberattacks.

The company first noticed issues with its registration process and website login shortly after the launch of DeepSeek-V3. These disruptions were some of the longest the platform had experienced in nearly three months.

DeepSeek responded by limiting new user sign-ups and working to resolve issues with its application programming interface (API). While existing users were still able to access their accounts, the surge in traffic and sudden popularity made the platform an attractive target for malicious actors, with cybersecurity experts now taking a closer look at the company’s security measures.

The deepening scrutiny and the mounting concerns about vulnerabilities were only intensified by the DDoS (Distributed Denial of Service) attack that targeted DeepSeek’s servers. A DDoS attack floods a system with excessive traffic, overwhelming resources and rendering services temporarily unavailable.

Tech industry attention is focused on China and its advances in AI technologies

The ability of DeepSeek’s AI platform to deliver immense results with reduced resource usage caught the attention not only of consumers but also of tech investors, shaking up the competitive landscape.

This success has caused waves in the tech industry, particularly in the U.S., where DeepSeek’s rise challenged the assumption that American companies hold a clear advantage in AI development.

The DeepSeek-V3 model uses Nvidia’s H800 chips,[3] a less powerful version of the chips that the U.S. government has sought to restrict from being exported to China. DeepSeek’s ability to deliver high-performance AI with relatively inexpensive training costs has raised concerns in the U.S. about the effectiveness of export controls and China’s growing capability in advanced AI development.

The increasing popularity of DeepSeek’s platform has implications not only for global tech competition but also for cybersecurity. The company’s rapid growth attracted the attention of hackers and cybercriminals, and the attacks on its services reflect the increasing risks faced by emerging tech companies.

These cyberattacks, along with concerns about data privacy, have led to additional scrutiny of DeepSeek’s operations, particularly regarding the handling of user data. With the platform expanding globally, these challenges are expected to intensify as the company works to ensure the safety and reliability of its services.

Political implications: Chinese security firms suggest the attack came from U.S. IP addresses

According to KELA security research, DeepSeek has been experiencing an increase in cyberattacks aimed at compromising its security, including brute-force and DDoS attacks.

While the DDoS attacks were primarily aimed at overwhelming DeepSeek’s servers, the newer brute-force tactics focus on stealing user passwords to gain unauthorized access to accounts. Cybersecurity experts also concluded that DeepSeek’s security measures are lacking in several respects, and that the platform is much more vulnerable than its competitors:[4]

KELA has observed that while DeepSeek R1 bears similarities to ChatGPT, it is significantly more vulnerable. KELA’s AI Red Team was able to jailbreak the model across a wide range of scenarios, enabling it to generate malicious outputs, such as ransomware development, fabrication of sensitive content, and detailed instructions for creating toxins and explosive devices.

A report from the Chinese cybersecurity firm QAX traced the timeline of the cyberattacks against DeepSeek, revealing a sharp increase in incidents starting January 3, 2025. The frequency of these attacks spiked notably on Monday and Tuesday of that week, with brute-force attempts taking the lead over DDoS strategies.

Wang Hui, a cybersecurity expert from QAX, explained that while DDoS attacks target server resources, brute-force attacks are far more insidious, allowing attackers to access user accounts, track activities, and potentially steal sensitive data. QAX's investigation further pointed to the origins of these attacks, with IP addresses linked to locations in the United States.[5] This geographical data raises questions about the possibility of politically motivated cyberattacks.

Wang Hui also noted that these types of attacks have been directed at other leading Chinese companies, such as those behind the game Black Myth: Wukong.[6] The expert speculated that these attacks might be driven by economic or political motivations, especially as Chinese tech firms like DeepSeek are rapidly expanding their influence in the global market.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
