Rising DDoS Threats: Lessons from DeepSeek’s Recent Cyberattack

By Dr. Ir. Charles Lim, Msc., Bsc., CSAP, Security+, CySA+, CND, CCSE, CTIA, CHFI, EDRP, ECSA, ECSP, ECIH, CEH, CEI

Deputy Head of Master IT Program
Head of Cybersecurity Research Centre of Excellence
Head of Security Operations Center
Swiss German University

In an era of increasing cyber threats, Distributed Denial of Service (DDoS) attacks continue to evolve in scale and sophistication. One of the most recent victims is DeepSeek, a Chinese artificial intelligence startup, which faced a large-scale DDoS attack in early 2025. The attack came shortly after the company’s AI Assistant app surged to the top of the Apple App Store, surpassing even OpenAI’s ChatGPT [1]. This blog post examines the attack, its implications, and how businesses can strengthen their defenses against similar threats.

The DeepSeek DDoS Attack: What Happened?

In January 2025, DeepSeek experienced a significant cybersecurity incident, forcing the company to halt new user registrations. The primary attack vector was a massive DDoS campaign that overwhelmed the company’s servers, disrupting its services. Although existing users remained unaffected, new users faced disruptions during the registration process [2]. Further analysis revealed that the attacks intensified throughout the month, employing increasingly sophisticated techniques, including password brute-force attacks, which attempted to compromise user accounts by guessing password combinations [3].

The timing of the attack coincided with DeepSeek’s announcement of a new AI model, a direct competitor to U.S.-based AI platforms. The market response was swift, with a decline in U.S. tech stocks following the surge in popularity of DeepSeek’s AI [4]. This raised suspicions that the attack could have been motivated by competitive sabotage or geopolitical factors.

Understanding the Growing DDoS Threat

DDoS attacks aim to cripple online services by flooding networks with excessive traffic, rendering them inaccessible to legitimate users. These attacks are increasingly used for ransom extortion, competitive disruption, and even political sabotage. According to cybersecurity analysts, the frequency of attacks exceeding 1 terabit per second (Tbps) has risen sharply, with attackers leveraging botnets of compromised IoT devices and cloud servers to amplify their impact [5].

The attack on DeepSeek highlights key trends in modern DDoS threats:

  1. Scale and Complexity: Attackers are using multi-vector techniques, combining volumetric, protocol-based, and application-layer attacks.
  2. IoT Exploitation: Poorly secured IoT devices continue to be weaponized for large-scale botnet attacks.
  3. Zero-Day Vulnerabilities: Threat actors are exploiting undocumented vulnerabilities to maximize disruption.

Mitigating DDoS Risks: Key Takeaways

Organizations can take several steps to protect against large-scale DDoS attacks:

  1. Deploy Multi-Layered Protection: Combining on-premise firewalls with cloud-based DDoS mitigation services (such as AWS Shield or Cloudflare) helps absorb and neutralize large-scale attacks.
  2. Conduct Regular Stress Testing: Simulating DDoS scenarios can identify potential network vulnerabilities before attackers exploit them.
  3. Monitor and Patch Vulnerabilities: Keeping software updated and monitoring network activity can help mitigate emerging threats, such as the HTTP/2 vulnerabilities exploited in recent attacks.
  4. Implement AI-Based Threat Detection: Machine learning models can identify traffic anomalies in real time, helping organizations detect and respond to threats proactively.
  5. Develop an Incident Response Plan: Having a clear strategy in place for redirecting traffic, collaborating with ISPs, and maintaining service continuity is crucial.

Conclusion

The DeepSeek cyberattack underscores the growing risks of DDoS threats in today’s digital landscape. As cybercriminals continue to innovate, businesses must stay ahead by implementing robust cybersecurity measures. Transparency in reporting and collaboration with cybersecurity experts, as seen in DeepSeek’s response, will be vital in mitigating future attacks and strengthening industry resilience.

References

[1] AP News, “DeepSeek AI faces cyberattacks after topping App Store charts,” Jan. 2025. [Online]. Available: https://apnews.com/article/deepseek-ai-artificial-intelligence-be414acadbf35070d7645fe9fbd8f464
[2] Global Times, “DeepSeek halts new signups amid large-scale cyberattack,” Jan. 2025. [Online]. Available: https://www.globaltimes.cn/page/202501/1327676.shtml?utm_source=chatgpt.com
[3] Bleeping Computer, “DeepSeek limits registrations due to cyber attack,” Jan. 2025. [Online]. Available: https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/
[4] The Guardian, “Global tech sell-off: DeepSeek’s AI breakthrough shakes US markets,” Jan. 2025. [Online]. Available: https://www.theguardian.com/business/live/2025/jan/28/global-tech-sell-off-trump-deepseek-wake-up-call-us-ai-firms-business-live
[5] Reuters, “DeepSeek limits registrations following DDoS attack,” Jan. 2025. [Online]. Available: https://www.reuters.com/technology/cybersecurity/deepseek-limits-registrations-due-cyber-attack-2025-01-27/

SGU Cybersecurity Research Centre of Excellence

The Swiss German University (SGU) Cybersecurity Research Centre of Excellence is dedicated to advancing cutting-edge cybersecurity research, developing innovative security solutions, and fostering industry collaboration. Our centre provides expertise in cyber threat intelligence, risk management, and secure system development, equipping businesses and organizations with the tools to combat emerging cyber threats. We offer customized cybersecurity training, consulting services, and applied research projects, ensuring that our partners stay ahead of evolving digital risks. By working with SGU, you gain access to top-tier cybersecurity experts, state-of-the-art research, and real-world security solutions tailored to your organization’s needs. Let’s collaborate to strengthen your cybersecurity posture and drive innovation in digital security.

About SGU

Swiss German University (SGU) is an international university in Indonesia, established in 2000 as a joint effort between Indonesia, Germany, Switzerland, and Austria. We are the pioneer in offering international curricula in Indonesia. Qualified students can graduate with a Double Degree from Indonesia and Germany, which SGU provides in cooperation with partner universities, a valuable asset for their future careers. Ever since its establishment, SGU has been dedicated to delivering quality education in line with international standards and aims to develop skilled professionals who meet the demands of the industry. To achieve its objectives, SGU offers quality-oriented learning through 17 Bachelor’s Degree Programs and 6 Master’s Degree Programs ranging from Engineering, Information Technology, and Business to Life Sciences and Social Sciences. Furthermore, with small class sizes and English as the medium of instruction, you can look forward to pursuing your tertiary education and degree with full confidence.