Amid rising tension between China and Taiwan, US House of Representatives Speaker Nancy Pelosi’s visit on Tuesday fueled Chinese aggression.
Before Pelosi’s visit, Taiwan’s government websites faced DDoS (Distributed Denial of Secrets) attack by hackers believed to be from China. During a DDoS attack, huge internet traffic is sent to the target server to stop the service.
Taiwan Presidential Palace spokesperson Chang Tun-Han acknowledged this and said in a Facebook post that the official website of the Presidential Palace was attacked by an overseas DDoS attack, and the attack traffic was 200 times that of normal traffic.
In a statement, the foreign ministry said that websites had been hit with up to 8.5 million traffic requests a minute from a “large number of IPs from China, Russia and other places, according to Reuters.
“Before Pelosi arrived, electronic bulletin boards in the Taiwan Railways Administration’s Sinzuoying Station and in some 7-Eleven convenience stores were hacked as well, showing messages in simplified Chinese characters asking Pelosi to leave Taiwan
The report further stated, “National Communications Commission Chairman Chen Yaw-shyang () on Wednesday told a news conference at the Executive Yuan that the bulletin boards in the convenience stores were easily hacked because they use Chinese software, which could contain Trojan malware and make them targets of cyberattacks.”
CHINESE CYBER ATTACKS
A report published by a Taiwanese security firm, CyCraft, attributed previous cyber attacks on financial institutions to disrupting the economic growth of Taiwan and stated that this intrusion is tracked under the code name of Operation Cache Panda to hacking group APT10.
This Chinese cyber-espionage group known in the cyber security industry as APT10 also acted in association with the Chinese state department in several hacking operations.
According to the US Department of Justice, “The APT10 Group targeted a diverse array of commercial activity, industries and technologies, including aviation, satellite and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production. Among other things, Zhu and Zhang registered IT infrastructure that the APT10 Group used for its intrusions and engaged in illegal hacking operations.”
According to Reuters, “In 2020, Chinese hacking group Blacktech linked to the Chinese government had attacked at least 10 government agencies and 6,000 email accounts of government officials in an “infiltration” to steal important data.
In November 2021, Taiwanese government representatives revealed that around five million cyber-attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China.
CONNECTION BETWEEN APT10 AND BLACKTECH
A report published by a Japanese cyber security researcher successfully identified the malware used by APT10 and Blacktech in different operations, which are “SodaMaster and TScookie”.
The identified common features between SodaMaster and TSCokkie are username, computer name and current process ID. This demonstrates the possibility of the one entity operating APT10 and Blacktech hacking group.
RETALIATION OF HACKTIVISTS AGAINST CHINA
The well-known hacking group “Anonymous”, known for its hacking campaigns against aggressive states, defaced Chinese government websites in vengeance for alleged cyber attacks on Taiwanese government websites.
China’s Heilongjiang Society Scientific Community Federation website was defaced by the anonymous collective @DepaixPorteur. The hacker defaced the website with the image of US House Speaker Nancy Pelosi and Taiwan’s President Tsai Ing-wen with the note “Taiwan Numbah Wan!” And “Taiwan welcomes US House Speaker Nancy Pelosi!”
Taiwan’s President Tsai Ing-wen sees the island as a sovereign nation, not a part of China; Taipei has accused Beijing of ramping up cyber attacks since 2016 after the Presidential election.