Cyber Threat Actor: Bloodsec International

Bloodsec International, also referenced as Blood Security Hackers International, is a threat actor whose known activities are confined to a handful of politically motivated website compromises. Publicly reported information places the group's operations in the Philippines, with its first and most documented incident occurring in January 2015. The actor's identity and full composition remain opaque, with no public attribution to a specific nation-state or organized criminal consortium. Their operational history is extremely limited in the public domain, consisting primarily of two defacement events that share a common thematic trigger.

The group's targeting has been narrowly focused on the media and telecommunications sectors within the Philippines, specifically choosing high-profile websites as platforms for their messages. Their strategic objective is unequivocally disruption and propaganda, not financial gain or espionage, as their attacks are designed to amplify a political grievance and attract public attention. The Tactics, Techniques, and Procedures (TTPs) observed are rudimentary, centering on website defacement to post threatening statements and demands. There is no publicly available evidence suggesting the use of sophisticated malware families, complex persistence mechanisms, or multi-stage intrusion chains; the actor's method is the direct compromise and alteration of a website's content. The initial access vector is not detailed in reporting, but the outcome is the unilateral control of the web server to display the group's narrative.

The most significant publicly reported operation involved the compromise of journalist Alan Robles' satirical political website, Hotmanila.ph. This attack was explicitly linked by the hackers to the journalist's prior posts questioning the government's response to the Mamasapano clash, where 44 police officers were killed. The defacement served as a direct channel to issue a threatening message to President Benigno Aquino III, criticizing his perceived disrespect toward the fallen officers. Prior to this, the group had also defaced a telecommunications company's website, again demanding accountability from government officials. These campaigns are characterized by their immediate, reactive nature in response to specific national events, using digital vandalism to insert themselves into a political discourse. No further campaigns or a broader pattern of activity beyond these two linked incidents have been publicly documented, leaving the actor's full capabilities, resources, and longevity undetermined.