Taiwan resources hit by DDoS attacks and defaces due to Nancy Pelosi’s visit

Taiwan’s Ministry of National Defense said that after a visit on the island by Speaker of the US House of Representatives Nancy Pelosi, its network was disconnected due to a powerful DDoS attack that lasted approximately two hours. The media also reported that some websites, as well as screens in government agencies and stores, were defaced.

According to the country’s Department of National Defense, the attack began on August 4, 2022, shortly after Pelosi left the island. The DDoS started around 23:40 local time and ended around 00:30, lasting nearly two hours.

Pelosi’s visit was also preceded by DDoS attacks: on the eve of the Speaker of the US House of Representatives visit, a number of government sites in Taiwan were unavailable due to DDoS. For example, Tsai Ing-wen, a spokesman for the President of Taiwan, said that on August 2, at around 5:00 pm local time, the website of the president’s office was subjected to a “foreign DDoS attack”, as a result of which the traffic level increased 200 times compared to normal.

In addition to the attack on the president’s website, the websites of the Ministry of National Defense, the Ministry of Foreign Affairs, and the country’s largest international airport, Taoyuan, were affected. The Taiwan Ministry of Foreign Affairs told Reuters that during the attacks, the sites were hit by a DDoS of 8.5 million requests per minute, coming from “a large number of IP addresses from China, Russia and other places.”

In addition, according to local media, some websites and information screens located in stores and government offices were defaced and showed messages critical of Pelosi’s visit. For example, screens at some Taiwan Railways Administration stations showed messages calling Pelosi “the old hag.”

Johannes Ulrich of the SANS Institute, said in a blog post that prior to Pelosi’s visit, his team did see a slight increase in scans for “nasty vulnerabilities”, including bugs in Word Press originating from Chinese IP addresses. At the same time, he notes that DDoS attacks turned out to be relatively low-power.

Bugcrowd founder Casey Ellis echoes Ulrich’s point of view and writes that it is likely that these DDoS attacks were not even initiated by the Chinese government, as they came out “rather unsophisticated and somewhat clumsy.”