Cyber attacks on Taiwan: China caught in its own tangle

Amid rising tension between China and Taiwan, US House of Representatives Speaker Nancy Pelosi’s visit on Tuesday fueled Chinese aggression. Before Pelosi’s visit, Taiwan’s government websites faced DDoS (Distributed Denial of Secrets) attack by hackers believed to be from China. During a DDoS attack, huge internet traffic is sent to the target server to stop the service.

Taiwan Presidential Palace spokesperson Chang Tun-Han acknowledged this and said in a Facebook post that the official website of the Presidential Palace was attacked by an overseas DDoS attack, and the attack traffic was 200 times that of normal traffic.

In a statement, the foreign ministry said that websites had been hit with up to 8.5 million traffic requests a minute from a “large number of IPs from China, Russia and other places, according to Reuters.

“Before Pelosi arrived, electronic bulletin boards in the Taiwan Railways Administration’s Sinzuoying Station and in some 7-Eleven convenience stores were hacked as well, showing messages in simplified Chinese characters asking Pelosi to leave Taiwan,” reported by Taipei Times.

Defaced screen at a convenience store in Taiwan.

The report further stated, “National Communications Commission Chairman Chen Yaw-shyang () on Wednesday told a news conference at the Executive Yuan that the bulletin boards in the convenience stores were easily hacked because they use Chinese software, which could contain Trojan malware and make them targets of cyberattacks.”

READ | Decoding Chinese chatter on Pelosi’s Taiwan visit

CHINESE CYBER ATTACKS

A report published by a Taiwanese security firm, CyCraft, attributed previous cyber attacks on financial institutions to disrupting the economic growth of Taiwan and stated that this intrusion is tracked under the code name of Operation Cache Panda to hacking group APT10.

This Chinese cyber-espionage group known in the cyber security industry as APT10 also acted in association with the Chinese state department in several hacking operations.

According to the US Department of Justice, “The APT10 Group targeted a diverse array of commercial activity, industries and technologies, including aviation, satellite and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production. Among other things, Zhu and Zhang registered IT infrastructure that the APT10 Group used for its intrusions and engaged in illegal hacking operations.”

According to Reuters, “In 2020, Chinese hacking group Blacktech linked to the Chinese government had attacked at least 10 government agencies and 6,000 email accounts of government officials in an “infiltration” to steal important data.

In November 2021, Taiwanese government representatives revealed that around five million cyber-attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China.

READ | Will China use Pelosi’s visit to change status quo with Taiwan?

CONNECTION BETWEEN APT10 AND BLACKTECH

A report published by a Japanese cyber security researcher successfully identified the malware used by APT10 and Blacktech in different operations, which are “SodaMaster and TScookie”.

The identified common features between SodaMaster and TSCokkie are username, computer name and current process ID. This demonstrates the possibility of the one entity operating APT10 and Blacktech hacking group.

Source code of Malwares (Source: kasperskydaily)

RETALIATION OF HACKTIVISTS AGAINST CHINA

The well-known hacking group “Anonymous”, known for its hacking campaigns against aggressive states, defaced Chinese government websites in vengeance for alleged cyber attacks on Taiwanese government websites.

China’s Heilongjiang Society Scientific Community Federation website was defaced by the anonymous collective @DepaixPorteur. The hacker defaced the website with the image of US House Speaker Nancy Pelosi and Taiwan’s President Tsai Ing-wen with the note “Taiwan Numbah Wan!” And “Taiwan welcomes US House Speaker Nancy Pelosi!”

Hacker also wrote, “There is one China, but Taiwan is the real China, while yours is only an imitation straight out of wish.com.”

A screenshot of the message posted on the website of China’s Heilongjiang Society Scientific Community Federation

Screenshot of the web archive of the defaced page

Taiwan’s President Tsai Ing-wen sees the island as a sovereign nation, not a part of China; Taipei has accused Beijing of ramping up cyber attacks since 2016 after the Presidential election.

READ | India too can play ‘Taiwan card’ if China misbehaves: Shashi Tharoor on Pelosi’s visit

READ | Pelosi in Taiwan: A US-China wrestling match to decide the new big boss

— ENDS —