By Sergiu Gatlan on Wednesday, 08 November 2023
Category: Security

OpenAI confirms DDoS attacks behind ongoing ChatGPT outages

OpenAI has been addressing "periodic outages" due to DDoS attacks targeting its API and ChatGPT services within the last 24 hours. 

While the company didn't immediately provide any details on the root cause of these incidents, OpenAI confirmed earlier today that they're linked to ongoing distributed denial-of-service (DDoS) attacks.

"We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this," OpenAI said in an update to an incident report published 11 hours ago. 

Those affected by these issues see "something seems to have gone wrong" errors, with ChatGPT adding that "There was an error generating a response" to their queries.

This comes after the company addressed another ChatGPT major outage that also took down its Application Programming Interface (API) on Wednesday, partial ChatPT outages on Tuesday, and Dall-E elevated error rates on Monday.

"We're experiencing exceptionally high demand. Please hang tight as we work on scaling our systems," a banner displayed across ChatGPT's interface warned users during yesterday's incident.

DDoS attacks claimed by Anonymous Sudan

While OpenAI has yet to attribute these DDoS attacks, a threat actor known as Anonymous Sudan claimed the attacks on Wednesday, saying that the reason behind them is the company's "general biasness towards Israel and against Palestine."

"CHATGPT link completely dead now worldwide, thousands of reports all over twitter and social media, let us see if they will admit it's a DDOS attack," the attackers said on their Telegram channel.

The group also confirmed using the SkyNet botnet in these attacks, which has been providing stresser services since October and added support for application layer attacks or Layer 7 (L7) DDoS attacks last week.

In Layer 7 DDoS attacks, threat actors target the application level to overwhelm services with a massive volume of requests, causing the services to hang as they cannot process them all.

They are highly effective as they significantly strain the targets' server and network resources, in contrast to reflection-based volumetric DNS amplification network layer attacks focusing on bandwidth consumption. 

In June, Anonymous Sudan also took down Microsoft's Outlook.com, OneDrive, and Azure Portal in Layer 7 DDoS attacks, with the company confirming their claims and saying it tracks their activity as Storm-1359. Redmond said that Anonymous Sudan uses three types of Layer 7 DDoS attacks: HTTP (S) flood attacks, Cache bypass, and Slowloris.

Anonymous Sudan launched in January 2023, announcing that they'll target anyone opposing Sudan. Subsequently, they directed their attacks towards global organizations and government agencies, disrupting web-facing infrastructure.

However, some cybersecurity researchers believe this is a false flag and that the group might be linked to Russia instead.

Related Posts

Leave Comments