Cyber Incident Victim: Marshall Islands National Telecommunications Authority
Date: Mar 2022
Location: Marshall Islands
Summary
The Marshall Islands National Telecommunications Authority experienced a distributed denial-of-service (DDoS) attack causing intermittent outages across home, business, and government internet services as well as mobile connectivity over a 10-day period. Technicians worked extensively to restore systems, eventually stabilizing operations with no further breaches detected, though the CEO acknowledged inherent vulnerabilities due to limited user cybersecurity awareness and resource constraints. While the perpetrator remained unidentified, officials suggested potential links to geopolitical tensions surrounding the Russia-Ukraine conflict, noting such attacks often escalate during international conflicts.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
In mid-March 2022, the Marshall Islands National Telecommunications Authority (NTA) experienced widespread service disruptions affecting home, business, and government internet connectivity. DSL lines, dedicated network connections, and mobile 4G services became intermittently unavailable or completely non-functional, prompting NTA to issue repeated customer notifications about "intermittent disruptions" and "urgent maintenance." Initial troubleshooting efforts by NTA's IT and security teams involved extended overnight work sessions to reboot systems, but services continued failing with recurring error messages each morning. After several days of escalating outages, CEO Tommy Kijiner Jr. confirmed the disruptions resulted from a large-scale distributed denial-of-service (DDoS) attack targeting NTA's infrastructure. The attack persisted for approximately 10 days, marking the second major cyber incident against NTA during Kijiner's decade-long tenure. While the specific perpetrators remained unidentified, Kijiner noted the timing coincided with heightened global cyber activity following Russia's invasion of Ukraine, referencing White House warnings about potential Russian cyber operations against Western-aligned entities. The attack methodology involved flooding NTA's systems with overwhelming traffic volumes through botnets—networks of malware-infected devices—to block legitimate user access.

NTA technicians worked continuously to restore services, eventually stabilizing systems by late March with no detected firewall breaches at the time of reporting. Kijiner acknowledged NTA's vulnerability compared to larger organizations, citing historical compromises of major entities like the US Defense Department and CIA as evidence of universal cybersecurity challenges. He identified limited customer cybersecurity awareness as a critical vulnerability, noting most users skipped security protocols and readily clicked malicious links—common vectors for phishing campaigns that build botnets. The CEO admitted NTA had historically underinvested in user education about email security practices despite the population's high susceptibility to social engineering. Service disruptions impacted essential communications across residential, commercial, and government sectors throughout the attack period, though no data breaches or persistent network compromises were reported. Kijiner emphasized that small-scale operators like NTA face disproportionate risks due to limited defensive resources in an environment where both state-sponsored hackers and individual threat actors conduct frequent attacks.
