What is DeepSeek <\/h2>\n\n\n\n
DeepSeek is an Artificial Intelligence company based in China and founded in late 2023. On January 20, 2025, it launched its first DeepSeek-R1 model, which instantly gained millions of app downloads worldwide. <\/p>\n\n\n\n
The success of the release came down to several factors: <\/p>\n\n\n\n
- \n
- DeepSeek achieved AI model performance comparable to OpenAI\u2019s (the company behind ChatGPT) for under $6 million. <\/li>\n\n\n\n
- DeepSeek uses less-advanced chips, making its AI operations up to 50 times<\/a> cheaper than competitors. <\/li>\n\n\n\n
- DeepSeek’s AI is open source. <\/li>\n<\/ul>\n<\/div>\n\n\n\n
Cyber Attacks on DeepSeek: Timeline <\/h2>\n\n\n\n
January 27 <\/h3>\n\n\n\n
DeepSeek paused new user registrations, citing “large-scale malicious attacks” on its infrastructure. <\/p>\n\n\n\n
January 28 <\/h3>\n\n\n\n
Wiz.io reported<\/a> discovering a leaked ClickHouse database linked to DeepSeek, which contained users’ chat histories and API keys. This leak was likely unrelated to the cyber attacks mentioned by DeepSeek. <\/p>\n\n\n\n
January 29 <\/h3>\n\n\n\n
Global Times revealed<\/a> that DeepSeek had been facing regular distributed denial-of-service (DDoS) attacks since early January, involving reflection amplification techniques. <\/p>\n\n\n\n
Starting January 22, HTTP proxy attacks began, gradually increasing in frequency and peaking on January 28. These were further accompanied by brute-force attack attempts, which allegedly originated from IP addresses in the United States. <\/p>\n\n\n\n
January 30 <\/h3>\n\n\n\n
Based on a report by XLab, Global Times disclosed<\/a> that the latest wave of attacks on DeepSeek involved two botnets, HailBot and RapperBot, both variants of the infamous Mirai botnet. <\/p>\n\n\n\n
The attacks launched early on January 30 used 16 command-and-control (C2) servers and over 100 C2 ports. <\/p>\n\n\n\n
Why Businesses Must Pay Attention <\/h2>\n\n\n\n
The cyber attacks on DeepSeek highlight that businesses of all sizes and industries, especially those dependent on extensive digital infrastructure, can be vulnerable to such threats. With botnets like HailBot and RapperBot available as a service, attackers can launch cyber assaults without needing advanced technical skills. <\/p>\n\n\n\n
For companies that rely on AI services, the consequences can be even more severe, including service disruptions, data breaches, and loss of customer trust. As AI becomes more integral to business operations, it is crucial for companies to invest in robust cybersecurity measures. <\/p>\n\n\n\n
How HailBot and RapperBot Botnets Work <\/h2>\n\n\n\n
HailBot<\/strong> <\/h3>\n\n\n\n
HailBot, named after the string “hail china mainland,” is known for its DDoS attack capabilities. This variant of Mirai exploits vulnerabilities such as CVE-2017-17215, which affects certain Huawei devices. <\/p>\n\n\n\n
HailBot can compromise a wide range of devices and use them to launch distributed denial-of-service attacks. <\/p>\n\n\n
\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/hailbot_sandbox-1024x579.png\")
Analysis of HailBot in ANY.RUN\u2019s sandbox<\/em> <\/figcaption><\/figure><\/div>\n\n\n By uploading a sample of HailBot to ANY.RUN\u2019s Interactive Sandbox<\/a>, we can get a detailed view of how it operates. <\/p>\n\n\n\n
- DeepSeek’s AI is open source. <\/li>\n<\/ul>\n<\/div>\n\n\n\n
![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/hailbot_cnc-1024x283.png\")
![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/02\/hailbot_suricata-1024x683.png\")