Pro-Russian Hacktivists Target Organizations in Taiwan With DDoS Attack Campaign


September 13, 2024 03:04 PM

The attack campaign is directed against over 50 targets, including government sites, airports, financial services and the Taipei Stock Exchange.


Overview

  • Pro-Russian threat actors NoName057(16), RipperSec and Cyber Army of Russia (aka People's Cyber Army) have launched DDoS attacks on Taiwanese targets.
  • The attacks are a reaction to Taiwan President Lai Ching-te’s comment in an interview with Taiwanese media that China should also take back land from Russia.
  • The attack campaign started on September 9 and continues against over 50 targets, including government sites, airports, financial services and the Taipei Stock Exchange.

Motivation

The attacks are a reaction to what Taiwan President Lai Ching-te said in an interview with Taiwanese media. NoName057(16), a pro-Russian threat actor and one of the most active hacktivist groups, announced: "Last week, the President of Taiwan suggested that China take away land in the Far East from Russia. This statement reflects the ‘virtual reality’ in which such satellite countries are immersed. Taiwan clearly feels its impunity, which is why it allows itself such attacks. One of our tasks is to remind such Taiwanese that they are just a pawn in this game, benefiting from US protectionism in the international arena. Moreover, Beijing's control over the island is only a matter of time. We remind you that this ‘chip country’ is part of China, we put Taiwanese sites and pass the baton to our friends from the [People's CyberArmy]."

Figure 1: NoName057 and People’s Cyber Army announce their attack campaign through Telegram

Threat Actors

NoName057(16) is a pro-Russian hacker group known for its cyberattacks on Ukrainian, American and European websites of government agencies, media and private companies. It is regarded as a well-organized pro-Russian hacktivist group with over 2.5 years of experience targeting countries that support Ukraine or speak badly about Russia.

RipperSec is a pro-Muslim hacktivist group operating from Malaysia. Their operations are politically motivated and are often coordinated through Telegram channels. The group has been involved in several high-profile DDoS attacks, including disruptions during significant geopolitical events.

Cyber Army of Russia is a decentralized pro-Russian hacktivist group that mainly targeted Ukraine at first. More recently, the group has started to align its targets more closely with NoName057(16). The group uses DDoS attacks to target governments and corporations perceived as oppressive or corrupt. They coordinate through social media platforms and Telegram, rallying support during geopolitical tensions.

It is common to see like-minded threat actors make ad-hoc alliances and collaborate on campaigns to increase their impact.

Attack Tools

Threat actors have mastered their ability to generate highly evasive and sophisticated HTTPS flood attacks that are hard to detect and mitigate.

The tools used by the aforementioned threat actors are known and have been reviewed by Radware:

Figure 2: RipperSec claims an HTTPS flood attack on the web services of TCB Bank Taiwan. The Check Host page shows the victim resources were offline


Attack Timeline

Figure 3: Claimed Attacks per Day (Taiwan)

Claiming Actors

Figure 4: Claiming Actors

Targeted Industries

Figure 5: Targeted Industries

EFFECTIVE DDOS PROTECTION ESSENTIALS

Real-Time Signature Creation - Utilize Radware's ability to promptly create and deploy signatures to protect against emerging threats and zero-day attacks.

Cross-Platform Monitoring - Employ Radware's comprehensive monitoring tools to track influence operations across various digital channels.

Rapid Response Capabilities - Leverage Radware's 24/7 Emergency Response Team to swiftly address and mitigate emerging threats.

Behavioral-Based Detection - Leverage Radware's advanced behavioral analysis to quickly and accurately identify and block anomalous bot activity while allowing legitimate traffic.

AI-Powered Content Analysis - Implement Radware's AI-driven solutions to detect and mitigate sophisticated disinformation campaigns across multiple platforms.

For further network and application protection measures, Radware urges companies to inspect and patch their network to defend against risks and threats.

EFFECTIVE WEB APPLICATION SECURITY ESSENTIALS

Low false positive rate - using negative and positive security models for maximum accuracy

Auto-policy generation - capabilities for the widest coverage with the lowest operational effort

Bot protection and device fingerprinting - capabilities to overcome dynamic IP attacks and achieve improved bot detection and blocking

Full OWASP Top-10 - coverage against defacements, injections, etc.

Flexible deployment options - on-premises, out-of-path, virtual or cloud-based

Securing APIs - by filtering paths, understanding XML and JSON schemas for enforcement, and using activity tracking mechanisms to trace bots and guard internal resources

LEARN MORE AT RADWARE’S SECURITY RESEARCH CENTER

To know more about today’s attack vector landscape, understand the business impact of cyberattacks, or learn more about emerging attack types and tools, visit Radware’s Security Research Center. Additionally, visit Radware’s Quarterly DDoS & Application Threat Analysis Center for quarter-over-quarter analysis of DDoS and application attack activity based on data from Radware’s cloud security services and threat intelligence.
