Taiwanese government sites hit with DDoS attacks ahead of Pelosi’s visit
An apparent distributed denial-of-service attack shut down the president of Taiwan’s website for about 20 minutes Tuesday hours before Speaker of the House Nancy Pelosi’s historic visit, a presidential spokesperson said on Facebook.
An “overseas DDoS attack” hit the office about 5:15 p.m. local time, according to a Google translation of the message. Tingting Liu, a journalist with the Taiwan’s TVBS news, reported that the traffic was “200 times that of a normal day.”
A series of other Taiwanese-based websites appeared to also have had intermittent issues Tuesday, including Taiwan’s Ministry of Foreign Affairs and the Taiwan Taoyuan International Airport. Both sites were, at times, inaccessible mid-morning U.S. time. The presidential site was up, but the English version displayed an “OK” and nothing else.
Taiwanese officials and their counterparts in the U.S. have been on heightened alert in anticipation of Pelosi’s visit, which marks the highest-level U.S. official to visit the island in 25 years. The Chinese government views Pelosi’s visit as an escalation of tensions between the U.S. and China, and warned of “disastrous consequences” if the U.S. “mishandles the situation,” The Washington Post reported.
A spokesperson for the U.S. National Security Council did not immediately respond to a request for comment.
DDoS attacks are relatively basic and don’t require sophisticated tooling or the resources of state-backed hackers to pull off. Smaller DDoS attacks are common and typically a nuisance, but larger attacks can cause prolonged issues and inaccessibility.
Doug Madory, the director of internet analysis at network monitoring firm Kentik, told CyberScoop Tuesday that there were noticeable spikes in traffic to websites for the airport and other sites. The attacks were “effective, but not record breaking,” he said. “As far as the core pipes of the Taiwanese internet, everything looks normal.”
Johannes Ullrich, the dean of research at the SANS Institute, said in a blog post Tuesday that the available data about Tuesday’s DDoS activity suggested it wasn’t “huge,” and “something likely within the capabilities of a few hacktivists getting together.”
John Hultquist, the vice president of intelligence analysis at Mandiant, said in a statement that the situation in Taiwan “has already led to cyber threat activity, some of which is apparent, like DDoS attacks on websites in Taiwan.”
Two Chinese information operations Mandiant tracks “have shifted their narratives in recent days” to a focus on Pelosi’s visit, he said, and “[we] anticipate that Chinese actors are also carrying out significant cyber espionage against targets in Taiwan and the U.S. to provide intelligence on the crisis.”