{"id":7374,"date":"2025-02-19T12:00:00","date_gmt":"2025-02-19T18:00:00","guid":{"rendered":"https:\/\/www.threatstop.com\/blog\/introducing-the-deepseekai-domains-target"},"modified":"2025-02-19T12:00:00","modified_gmt":"2025-02-19T18:00:00","slug":"introducing-the-deepseekai-domains-target","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/19\/introducing-the-deepseekai-domains-target\/","title":{"rendered":"Introducing the \u201cDeepSeekAI &#8211; Domains\u201d Target"},"content":{"rendered":"<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/introducing-the-deepseekai-domains-target.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p><a href=\"https:\/\/www.nowsecure.com\/blog\/2025\/02\/06\/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app\/\" rel=\"noopener\" target=\"_blank\"><span><strong>NowSecure<\/strong><\/span><\/a> uncovered multiple security and privacy vulnerabilities in the <span><strong>DeepSeek iOS mobile app<\/strong><\/span>\u2014ranging from <span><strong>unencrypted data transmission<\/strong><\/span> and <span><strong>weak encryption practices<\/strong><\/span> to <span><strong>insecure data storage<\/strong><\/span> and <span><strong>extensive data collection<\/strong><\/span>. With warnings from security experts and worldwide bans in public and private sectors, enterprises need a proactive strategy for blocking DeepSeek usage on their networks.<\/p>\n<p><!--more--><\/p>\n<p>Today, <span><strong>ThreatSTOP<\/strong><\/span> is excited to announce a new target named <span><strong>\u201cDeepSeekAI &#8211; Domains\u201d<\/strong><\/span>, designed to proactively defend your organization from the significant risks identified by NowSecure. 
Whether you deploy <span><strong>DNS Defense Cloud<\/strong><\/span> (our DNS protection service using ThreatSTOP\u2019s DNS servers in the cloud) or <span><strong>DNS Defense<\/strong><\/span> (ThreatSTOP intelligence integrated with your on-premises DNS servers), you can now immediately restrict and block the use of DeepSeek-associated domains across your environment.<\/p>\n<p>Why DeepSeek Is a Risk<\/p>\n<p>According to the <span><strong>NowSecure<\/strong><\/span> assessment, the DeepSeek iOS app introduces critical issues that can compromise an organization\u2019s sensitive data, intellectual property, and overall security posture. Key concerns include:<\/p>\n<ul>\n<li><span><\/span><span><strong>Unencrypted Data Transmission<\/strong><\/span>: Sensitive information, including user details, can be intercepted and manipulated.<\/li>\n<li><span><\/span><span><strong>Weak &amp; Hardcoded Encryption Keys<\/strong><\/span>: Outdated encryption (Triple DES) and reused initialization vectors create exploitable vulnerabilities.<\/li>\n<li><span><\/span><span><strong>Insecure Data Storage<\/strong><\/span>: Credentials and encryption keys are stored in ways that attackers could easily harvest.<\/li>\n<li><span><\/span><span><strong>Extensive Data Collection &amp; Fingerprinting<\/strong><\/span>: The app aggregates enough information to identify and track individuals, posing a major surveillance threat.<\/li>\n<li><span><\/span><span><strong>Transmission &amp; Governance Under PRC Laws<\/strong><\/span>: Data is stored and processed by servers linked to China, raising compliance concerns and potential government oversight risks.<\/li>\n<\/ul>\n<p>These flaws make DeepSeek unsuitable for enterprise and government environments, as highlighted by NowSecure\u2019s recommendation for its immediate removal.<\/p>\n<p>ThreatSTOP\u2019s Proactive Approach<\/p>\n<p>ThreatSTOP\u2019s protective DNS solutions are constantly updated to stay ahead of emerging threats. 
Our <span><strong>ThreatSTOP Security, Intelligence, and Research team<\/strong><\/span> specializes in creating protections for command and control, invalid traffic, peer-to-peer communication, data exfiltration, phishing, SPAM, Distributed Denial of Service (DDoS) activity, and more. These proactive policies have a track record of helping organizations intercept threats before they cause harm.<\/p>\n<p>With the new <span><strong>DeepSeekAI &#8211; Domains<\/strong><\/span> target, ThreatSTOP customers now have an additional layer of proactive protection. By blocking known risky domains associated with DeepSeek, you ensure that devices on your network\u2014whether managed or part of BYOD\u2014cannot communicate with DeepSeek\u2019s infrastructure. This approach mitigates the risk of data leakage, credential theft, or unauthorized surveillance, helping you maintain a robust security posture without compromising business operations.<\/p>\n<p><strong>How It Works<\/strong><\/p>\n<p><span><\/span>1.<span> <\/span><span><strong>DNS Defense Cloud<\/strong><\/span>: For customers using our cloud-based DNS servers, simply enable the new DeepSeekAI &#8211; Domains target in your ThreatSTOP policy. All DNS lookups to associated DeepSeek domains will be denied automatically\u2014no on-premises hardware changes needed.<\/p>\n<p><span><\/span>2.<span> <\/span><span><strong>DNS Defense<\/strong><\/span>: Customers running ThreatSTOP intelligence on their own DNS infrastructure can activate DeepSeekAI &#8211; Domains in the same, straightforward manner. 
The lists are updated constantly, ensuring that any new domains tied to DeepSeek threats are blocked as soon as they appear in our system.<\/p>\n<p>By stopping resolution requests at the DNS layer, ThreatSTOP prevents users from inadvertently connecting to unsafe endpoints, even if employees have the DeepSeek app installed on their devices.<\/p>\n<p>Taking Action<\/p>\n<p>With the findings from NowSecure, many enterprises and government agencies have already pulled DeepSeek from their devices. However, ensuring this app can\u2019t bypass policy or resurface in your environment calls for layered defenses. ThreatSTOP offers a decisive line of protection, giving security teams the confidence that DeepSeek\u2019s compromised domains won\u2019t pose a threat to data or operations.<\/p>\n<p>Next Steps<\/p>\n<p><span><\/span>\u2022<span> <\/span><span><strong>Enable the \u201cDeepSeekAI &#8211; Domains\u201d target<\/strong><\/span>: Start blocking potentially harmful communications immediately.<\/p>\n<p><span><\/span>\u2022<span> <\/span><span><strong>Audit existing device usage<\/strong><\/span>: Identify any users or systems still leveraging DeepSeek and remove it from all managed and BYOD devices.<\/p>\n<p><span><\/span>\u2022<span> <\/span><span><strong>Stay vigilant<\/strong><\/span>: Continue adopting new ThreatSTOP protections as soon as they are released. We regularly add new intelligence indicators so that your defenses remain active against emerging threats.<\/p>\n<p>Join the ThreatSTOP Family<\/p>\n<p>For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our&nbsp;<a href=\"https:\/\/www.threatstop.com\/threatstop-platform\" rel=\"noopener\" target=\"_blank\">product page<\/a>. Discover how our solutions can make a significant difference in your digital security landscape. 
We have&nbsp;pricing&nbsp;for all sizes of customers!&nbsp;Get started with a Demo today!<\/p>\n<p>Connect with Customers, Disconnect from Risks<\/p>\n<p><a href=\"https:\/\/www.threatstop.com\/blog\/introducing-the-deepseekai-domains-target\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NowSecure uncovered multiple security and privacy vulnerabilities in the DeepSeek<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[30,62,215,216,61],"tags":[3327,68],"class_list":["post-7374","post","type-post","status-publish","format-standard","hentry","category-dns","category-dns-security","category-passive-dns","category-pdns","category-protective-dns","tag-news-announcements","tag-protective-dns"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Threat Stop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/threatstop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dns\/\" rel=\"category tag\">DNS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dns-security\/\" rel=\"category tag\">DNS Security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/passive-dns\/\" rel=\"category tag\">Passive DNS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/pdns\/\" rel=\"category tag\">PDNS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/protective-dns\/\" rel=\"category tag\">Protective DNS<\/a>","tag_info":"Protective 
DNS","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7374"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7374\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}