DDoS attack leads to significant disruption in ChatGPT services

Pierluigi Paganini November 09, 2023

OpenAI confirmed that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack.

OpenAI confirmed earlier today that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack.

“We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this.” reads the update posted by OpenAI on its status page 17 hours ago.

The organization first reported partial service outages on November 7, but on November 8 the services were disrupted.

The attack was launched by the pro-Russia group Anonymous Sudan (aka Storm-1359) that claimed the attack on its Telegram channel:

“Some reasons why we targeted OpenAI and ChatGPT:

  • OpenAI’s cooperation with the occupation state of Israel and the CEO of OpenAI saying he’s willing to invest into Israel more, and his several meetings with Israeli officials like Netanyahu, as Reuters reported.
  • AI is now being used in the development of weapons and by intelligence agencies like Mossad, and Israel also employs AI to further oppress the Palestinians.
  • OpenAI is an American company, and we still are targeting any American company 
  • ChatGPT has a general biasness towards Israel and against Palestine as it has been exposed in twitter, in general there’s huge bias of the model towards some topics which has to be fixed”
OpenAI Chat GPT Anonymous Sudan

At the time of this writing, ChatGPT seems to be working without problems.  

Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the pro-Russian threat group Killnet.

Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure.

The collective Anonymous Sudan claimed responsibility for the DDoS attacks that hit the company’s services.

In July, Anonymous Sudan announced it had stolen credentials for 30 million customer accounts.

In September, Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, OpenAI ChatGPT)

you might also like

leave a comment