Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit

Pierluigi Paganini August 04, 2022

Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi.

Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks attacks during the visit to Taipei of US House Speaker Nancy Pelosi.

The cyber attacks forced offline the government English portal, some websites of the presidential office, foreign ministry, and defence ministry.

Experts believe that the attack was coordinated by China-linked threat actors as retaliation for the visit of Nancy Pelosi.

Taiwan’s foreign ministry stated that the attacks were originated from Chinese and Russian IP addresses, the malicious traffic peaked up to 8.5 million times per minute.

“As cyber attacks from foreign hostile forces could still occur at any time, the foreign ministry will continue to remain vigilant” spokeswoman Joanne Ou told reporters. The presidential office said it would up its monitoring in the face of “hybrid information warfare by external forces”.

In August 2020, Chinese hackers gained access to around 6,000 email accounts belonging to at least 10 Taiwan government agencies, officials said.

In November 2021, Taiwanese government representatives revealed that around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China.

Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day”. 

“We are strengthening the government’s defensive measures and collecting relevant data for analysis in a bid to stop the attacks when they are initiated,” Chien told lawmakers.

Taiwan’s defence ministry warned of an increase in the attacks carried by China-linked actors against its systems.

In February 2022, China-linked APT group APT10 (aka Stone Panda, Bronze Riverside) targeted Taiwan’s financial trading sector with a supply chain attack.

The campaign was launched by the APT10 group in November 2021, but it hit a peak between February 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported.

The group (also known as Cicada, Stone Panda, MenuPass group, Bronze Riverside, and Cloud Hopper) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. In November 2020, researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability.

According to CyCraft, nation-state attackers compromised the supply chain of software systems of financial institutions as part of a campaign codenamed Operation Cache Panda.

The attack caused “abnormal cases of placing orders.”

The attackers exploited a vulnerability in the web management interface of an unnamed security software firm in Taiwan and deployed a web shell to deliver the Quasar RAT on the target system.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Taiwan)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment