Threat Analysis

OpenAI has been grappling with recurrent service disruptions in the past 24 hours, attributing them to a series of distributed denial-of-service (DDoS) attacks targeting both its API and ChatGPT services. Although immediate details about the root cause were not initially provided, OpenAI has now officially acknowledged the ongoing DDoS attacks as the source of the problem. Users experiencing the outages are encountering error messages such as "something seems to have gone wrong" and "There was an error generating a response" on ChatGPT.

This incident follows recent disruptions, including a major outage affecting ChatGPT and its Application Programming Interface (API) on Wednesday, partial outages on Tuesday, and elevated error rates in DALL-E on Monday. A banner displayed on ChatGPT during the disruptions attributed the issues to "exceptionally high demand" and urged users to be patient as the company worked on scaling its systems.

While OpenAI has not formally attributed the DDoS attacks, Anonymous Sudan, a threat actor, claimed responsibility on Wednesday. According to the group, the attacks were motivated by OpenAI's perceived bias towards Israel and against Palestine. The attackers announced the "CHATGPT link completely dead now worldwide" on their Telegram channel, revealing the use of the SkyNet botnet, which began offering stresser services in October and recently added support for Layer 7 (L7) DDoS attacks.

Layer 7 DDoS attacks target the application level to overwhelm services with an extensive volume of requests, putting significant strain on server and network resources. Anonymous Sudan previously claimed responsibility for Layer 7 DDoS attacks on Microsoft's Outlook.com, OneDrive, and Azure Portal in June. Some cybersecurity researchers, however, posit that this could be a false flag, suggesting potential links to Russia and casting doubt on the authenticity of Anonymous Sudan's claims.

References

https://status.openai.com/incidents/21vl32gvx3hb

https://t.me/xAnonymousSudan/243