Cyber Incident Victim: Taipei
Date: Aug 2022
Location: Taiwan
Summary
Taiwan's key government and airport websites experienced temporary outages due to distributed denial-of-service (DDoS) attacks amid heightened tensions with China surrounding a high-profile political visit. The incidents affected the defense and foreign affairs ministries, presidential office, and the main international airport, with disruptions attributed to overseas actors—some officials suggested links to China and Russia, though cybersecurity experts noted such attacks are common among hacktivists and lack definitive attribution. While the attacks caused intermittent accessibility issues, they were assessed as relatively minor with no lasting damage, contrasting with broader concerns about potential espionage activities during the period.
Description
On August 2, 2022, coinciding with U.S. House Speaker Nancy Pelosi’s visit to Taiwan, multiple Taiwanese government websites experienced distributed denial-of-service (DDoS) attacks causing intermittent outages. The affected sites included the official pages of President Tsai Ing-wen, the National Defense Ministry, the Foreign Affairs Ministry, and Taiwan Taoyuan International Airport. These attacks involved overwhelming the websites with coordinated traffic to disrupt public access. A spokesperson for President Tsai confirmed the DDoS incident via Facebook. Doug Madory of Kentik observed traffic patterns consistent with DDoS activity, describing the scale as "big enough to be effective but not record-breaking." Cybersecurity experts noted DDoS attacks require minimal technical skill, cause temporary disruption without lasting damage, and pose attribution challenges. John Hultquist of Mandiant indicated such attacks could originate from state-sponsored actors or nationalist hacktivists but emphasized China’s historical preference for cyberespionage over DDoS operations. At the time, Mandiant reported no evidence linking Chinese state hackers to espionage campaigns tied to Pelosi’s visit.

The cyber disruptions continued amid escalating tensions with China. On August 4, Taiwan’s Defense Ministry confirmed its website had been temporarily forced offline by renewed attacks, prompting closer coordination with other agencies to bolster cyber defenses. The ministry noted this incident followed earlier attacks targeting the presidential office and other government portals, which authorities partially attributed to overseas actors including China and Russia. No data breaches or permanent system damage were reported from any attacks. The incidents occurred against a backdrop of heightened geopolitical friction, with China publicly condemning Pelosi’s visit as a violation of its sovereignty claims over Taiwan. While the DDoS attacks disrupted public access to critical information channels, they did not compromise internal networks or classified systems. Taiwan’s responses focused on restoring service availability and hardening infrastructure against further volumetric attacks.
