Cyber Incident Victim: Taiwan's Ministry of National Defense
Date:
Aug 2022
Location:
Taiwan
Summary
Taiwan's Ministry of National Defense experienced a distributed denial-of-service (DDoS) attack that temporarily disabled its network for approximately two hours following a high-profile U.S. official's visit, which drew strong objections from China. The incident coincided with disruptions to multiple government websites, including those of the presidential office, Foreign Affairs Ministry, and the country's largest airport, with traffic surges reaching 8.5 million requests per minute originating primarily from IP addresses in China and Russia. Concurrently, defacement attacks targeted public screens at transportation hubs and government facilities, displaying messages condemning the visit. These cyber incidents occurred alongside heightened military activities near Taiwan, which Chinese authorities explicitly linked to their opposition to the visit and Taiwan's political status.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 3, 2022, Taiwan’s Ministry of National Defense experienced a distributed denial-of-service (DDoS) attack that disrupted its network for approximately two hours, starting around 11:40 p.m. local time and ending near 12:30 a.m. The incident occurred shortly after U.S. House Speaker Nancy Pelosi concluded her visit to Taiwan, which marked the first high-level U.S. official visit in 25 years and drew strong condemnation from Chinese officials. The ministry confirmed it coordinated with other government agencies, including the President’s office, to defend its information security infrastructure. This attack followed earlier disruptions on August 2, when multiple Taiwanese government websites—including those of the President’s office, National Defense Ministry, Foreign Affairs Ministry, and Taiwan Taoyuan International Airport—were targeted by DDoS attacks. The President’s office spokesperson reported a surge to 200 times normal traffic volume during the August 2 incident, which originated from overseas. Taiwan’s Foreign Ministry later disclosed these attacks involved 8.5 million requests per minute from IP addresses linked to China, Russia, and other locations. Concurrently, defacement attacks targeted digital screens at convenience stores, Taiwan Railways Administration stations, and local government offices, displaying messages criticizing Pelosi’s visit, including derogatory terms like "old witch."
The cyber incidents coincided with escalating military tensions. On August 4, China initiated large-scale military exercises near Taiwan, including missile launches and repeated crossings of the Taiwan Strait median line by warships. China’s Defense Ministry explicitly linked these actions to Pelosi’s visit, stating they aimed to deter "Taiwan independence" and external interference. Chinese Foreign Minister Wang Yi condemned the visit as "manic, irresponsible, and extremely irrational." Cybersecurity researchers observed increased scanning activity from Chinese IP addresses for vulnerabilities like WordPress ahead of Pelosi’s arrival, though experts characterized the DDoS attacks as relatively unsophisticated. Some analysts, including Bugcrowd’s Casey Ellis, suggested the attacks were unlikely to be state-sponsored due to their crude nature, while others viewed them as part of a broader coordinated response by China. In a countermeasure, hackers associated with Anonymous defaced a Chinese provincial government website with anti-government messages. Taiwanese authorities maintained vigilance against both cyber and physical threats, documenting intrusions by suspected Chinese drones and continued military posturing throughout the region.