The Philippines faces a surge in cyberattacks as tensions rise in the South China Sea. Hacktivists and misinformation campaigns target government websites, spread fake news, and disrupt critical infrastructure. Learn why the Philippines is a cyberwarfare hotspot and how the country can defend itself.
Resecurity reports a 325% increase in cyberattacks targeting the country in Q1 2024 compared to the same period last year. Cyberattacks involving hacktivist groups and foreign misinformation campaigns have nearly tripled, with multiple attacks staged by unknown threat actors in Q2 2024, combining ideological motivations with nation-state-sponsored propaganda.
The Philippines, located near the South China Sea, is facing tensions due to China’s assertive actions and the Philippines’ own role as a Major Non-NATO Ally (MNNA). The island nation’s maritime trade routes and proximity to Taiwan make it a potential staging ground for military operations in a larger conflict, prompting adversaries to disrupt the country’s infrastructure.
Resecurity found numerous hacktivist groups targeting the Philippines, including the pro-China Mustang Panda, DeathNote Hackers, and Exodus Security. In February, Exodus Security staged targeted DDoS attacks, leaking stolen data from various countries, including the Philippines, and announced partnerships with Cyber Operation Alliance, Robin Cyber Hood, Arab Anonymous, and Sylnet Gang-SG to broaden their activities.
In addition, local hacking groups, including Philippine Hacking University, Excommunicado, CyberMafia Philippines, Philippine Cyber Alliance, Bisaya Cyber Army, and LizardSquad Philippines, are also using hacking as a form of protest.
Recently, threat actor “KryptonZambie” claimed to have stolen over 152 gigabytes of Philippine citizen identity card data from unnamed sources, while the Philippine Department of Science and Technology (DoST) was targeted by a cyberattack likely orchestrated by threat actors involved in a broader misinformation campaign.
It’s noteworthy that KryptonZambie was also responsible for the data breach of the widely used CutOut.Pro AI Tool, leading to the exposure of personal details of over 20 million users on the infamous cybercrime and hacker forum Breach Forums.
The threat actor has recently claimed responsibility for data breaches at LeadSquared, an Indian software platform, and WeRize, India’s inaugural socially distributed full-stack financial services platform. Allegedly, the stolen data amounts to over 1.3 terabytes collectively.
📢 The hacker behind #CutOutPro breach involving 20 million accounts now claims to have breached @LeadSquared, an Indian software platform, and @WeRize_Official, India's first socially distributed full-stack financial services platform. The leaked data is over 1.3TB collectively. pic.twitter.com/FT0hNpPP4D
— Hackread.com (@HackRead) April 15, 2024
These groups use hacktivist-related monikers to avoid attribution and create a perception of social conflict online. They also use tactics like website defacement, data breaches, and misinformation campaigns to disrupt essential services and embarrass the government. They may also hijack government or critical infrastructure websites, steal sensitive data, and create public distrust through social media and online forums.
Cyberattacks in the Philippines have significant implications beyond immediate disruption. They can erode public trust, escalate tensions between the country and China, and disrupt the economy by affecting critical infrastructure.
To counter these threats, the Philippines needs a multifaceted approach. This includes upgrading cybersecurity infrastructure, investing in threat intelligence, and fostering public-private partnerships.