Cyber Incident Victim: Taiwan
Date: Aug 2022
Location: Taiwan
Summary
Multiple Taiwanese government websites, including those of the president's office, National Defense Ministry, Foreign Affairs Ministry, and the largest international airport, experienced disruptions due to distributed denial-of-service attacks. The president's office site saw traffic surge to 200 times normal levels, causing temporary downtime before partial restoration, though some services remained intermittently inaccessible. The incidents coincided with heightened geopolitical tensions surrounding a high-profile U.S. official's visit, with officials attributing the attacks to overseas actors and referencing "continuous compound information operations by foreign forces." Cybersecurity experts characterized the DDoS scale as potentially achievable by hacktivists but noted more sophisticated tools like 'Great Cannon' could indicate coordinated involvement.
Description
On August 2, 2022, hours before U.S. House Speaker Nancy Pelosi arrived in Taiwan, multiple Taiwanese government websites experienced distributed denial-of-service (DDoS) attacks. At approximately 5 pm local time, the website of the Taiwanese President’s Office sustained an overseas DDoS attack that increased traffic volumes to 200 times normal levels, causing temporary disruption. The presidential site was restored within 20 minutes, though its English-language version remained partially affected, displaying only the word "OK" in the top-left corner as of Tuesday afternoon EST. Concurrently, websites for Taiwan’s National Defense Ministry, Foreign Affairs Ministry, and Taiwan Taoyuan International Airport—the country’s largest airport—faced similar disruptions. While the Defense and Foreign Affairs Ministry sites regained accessibility by Tuesday afternoon EST, the airport’s website remained nonfunctional. Taiwanese officials confirmed the attacks but did not attribute them to specific actors. President Tsai Ing-wen’s spokesperson, Chang Tun-Han, publicly acknowledged the incident, while another spokesperson, Zhang Dunhan, stated government agencies would enhance monitoring to safeguard national information security against "continuous compound information operations by foreign forces."

The disruptions occurred amid heightened geopolitical tensions preceding Pelosi’s visit, the first by a high-ranking U.S. official in 25 years. Chinese leader Xi Jinping had warned U.S. President Joe Biden days earlier that the trip violated China’s "one China" policy, cautioning that "those who play with fire will perish by it." Shortly after Pelosi’s arrival, China escalated military activity by deploying 20 planes into Taiwan’s airspace. Cybersecurity researchers observed ancillary effects, including DNS resolution issues affecting Taiwan’s Foreign Affairs Ministry website in some regions, which is atypical of standard DDoS attacks. Johannes Ullrich of the SANS Institute noted a slight increase in scans for "nuisance vulnerabilities" and warned organizations that are highly visible in China or have U.S. government ties to anticipate DDoS campaigns. He assessed the presidential website attack as feasible for a small hacktivist group but highlighted more sophisticated tools like ‘Great Cannon’ as potential vectors for coordinated operations. Taiwan’s National Defense and Foreign Affairs Ministries did not publicly elaborate on mitigation measures or technical specifics of the attacks.
