Cyberattacks targeting DeepSeek originated in US, claims China’s state media

The cyberattack on DeepSeek began on Jan. 3 and peaked on Monday and Tuesday with a massive brute-force attack from US IP addresses, the South China Morning Post reported on Thursday, citing Yuyuan Tantian, a CCTV social media account.

“All the attack IPs were recorded; all are from the US,” a cybersecurity expert told CCTV, China's state media.

The earlier stage of the cyberattack contained more distributed denial-of-service (DDoS) attacks aimed at disrupting DeepSeek's normal service by overwhelming its servers and bandwidth with a flood of internet traffic, while the more recent attacks were primarily brute-force attacks aimed at cracking user IDs and passwords to understand how DeepSeek works, CCTV reported, citing a report from China's cybersecurity firm QAX Technology Group.

Separately, US President Donald Trump's Commerce Secretary nominee Howard Lutnick alleged on Wednesday that DeepSeek allegedly misused American technology.

Earlier this month, DeepSeek released its open-source AI model, R1, which mimics human reasoning and challenges the dominance of OpenAI and US competitors like Google and Meta.

DeepSeek, a large language model, operates with significantly lower resource consumption than its rivals, including US-based OpenAI’s ChatGPT and Google’s Gemini. Its rapid rise in popularity across global mobile app stores triggered stock losses of up to almost $1 trillion in market value for major Western tech firms such as Nvidia.