Cyber Threat Actor: Exodus Security
| Actor Type | Location | Known Incidents |
|---|---|---|
| Hacker | Philippines | 1 incident |
Profile
Exodus Security is the alias of a threat actor that has been associated with operations originating from the Philippines. The group first came to public attention through a claimed cyberattack against the Philippine Army in early 2025, which remains the only publicly documented activity attributed to it. No additional aliases, geographic bases, or organizational structure have been disclosed in open sources.
On February 1, 2025, Exodus Security asserted that it had gained unauthorized access to the Philippine Army’s networks and had compromised approximately 10,000 records containing sensitive personal, military, medical, financial, and criminal history data of both active and retired personnel. The Philippine Army acknowledged the incident as an illegal access attempt, stated that the breach was swiftly contained, and reported that no confirmed data theft or operational damage had been verified. Independent verification of the alleged leak’s authenticity and full scope has not been provided, and authorities have indicated that they are investigating possible foreign involvement in the incident. No further details regarding malware families, initial access vectors, or specific tooling used by Exodus Security have been made public.
As of now, no other campaigns or operations have been publicly linked to Exodus Security, and no definitive affiliations with state sponsors, criminal consortia, or other threat groups have been established. The absence of additional reported incidents means that any assessment of the actor’s typical targeting patterns, strategic objectives, or technical capabilities would rely solely on the single Philippine Army case. Consequently, the current profile is limited to the confirmed facts presented in the available source material.
