Cyber Incident Victim: Formosa Television
Date:
Aug 2022
Location:
Taiwan
Summary
Formosa Television experienced a series of distributed denial-of-service (DDoS) attacks targeting its website and YouTube live broadcasts, coinciding with military exercises by China's People’s Liberation Army. Hackers altered the broadcaster’s YouTube content to display pro-China statements, though terrestrial and cable TV operations remained unaffected. The attacks, ranging in intensity, caused temporary disruptions but subsided over time. FTV promptly removed compromised content within minutes of detection and followed cybersecurity protocols by reporting breaches within an hour while implementing defensive measures such as collaborating with internet service providers and deploying web application firewalls to mitigate risks. The incident highlighted attempts to disrupt online platforms without impacting traditional broadcast channels.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Formosa Television (FTV) experienced a series of cyberattacks coinciding with China’s People’s Liberation Army live-fire military exercises in early August 2022. The National Communications Commission confirmed FTV as the sole Taiwanese broadcast media targeted by distributed denial-of-service (DDoS) attacks during this period, with breaches reported on August 6 (Saturday), August 7 (Sunday), August 8 (Monday), and August 10. The attacks primarily disrupted FTV’s website and YouTube live streams, peaking at bandwidth volumes between 3 to 10 megabits per second. On August 6 at approximately 8:52 p.m., hackers compromised FTV’s YouTube signal source host, replacing broadcast content with pro-China statements including "China’s territorial sovereignty cannot be interfered by outsiders" and "Public opinion must not be violated, and playing with fire will surely set oneself on fire." FTV detected the intrusion within two minutes, removing the unauthorized content by 8:54 p.m. while maintaining uninterrupted terrestrial and cable television operations.
FTV complied with Taiwan’s Cybersecurity Management Act by reporting each breach to authorities within one hour and implementing corrective measures within 72 hours. The broadcaster employed multiple DDoS mitigation strategies, including coordination with internet service providers to block offshore IP addresses via gateways and deployment of web application firewalls to isolate malicious traffic. The National Communications Commission mandated heightened content review protocols across all broadcast media to prevent infiltration of terrestrial and cable networks. Attack intensity diminished by August 10, though FTV continued managing residual threats to ensure broadcast security. Viewer screenshots preserved evidence of the YouTube channel compromise, which exclusively affected online platforms without disrupting conventional broadcast infrastructure.