Cyber Incident Victim: Department of National Defense of the Philippines
Date:
Jul 2016
Location:
Philippines
Summary
Government websites in the Philippines experienced widespread disruption from distributed denial-of-service attacks targeting 68 portals, including high-profile agencies like the Department of National Defense and smaller entities such as local government units and medical centers. The attacks began shortly after an international tribunal ruling favoring the Philippines in a maritime territorial dispute with China, severely hindering online operations for multiple days. Subsequently, two portals were defaced with messages purportedly from the "Chinese government," though the associated Twitter account belonged to an inactive Anonymous member. While officials could not conclusively attribute the attacks, they highlighted China as the primary suspect given geopolitical tensions following the arbitration ruling.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration’s ruling favoring the Philippines in a maritime dispute with China over territorial claims in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites. The attacks commenced in the afternoon and persisted with similar intensity through July 13, disrupting operations across high-profile agencies including the Department of National Defense, Department of Foreign Affairs, Department of Interior and Local Government, Metropolitan Manila Development Authority, National Disaster Risk Reduction and Management Council, Presidential Management Staff, and Bangko Sentral ng Pilipinas. Smaller and non-sensitive entities were also affected, such as the Komisyon sa Wikang Pilipino, National Archives, Manila City Hall, East Avenue Medical Center, and portals of local government units and towns. The sustained attacks rendered many sites inaccessible, severely impeding routine government functions and public services. Attack volume diminished in subsequent days, though operational recovery timelines were not specified.
By July 16, officials identified additional compromises involving defacements of two government portals displaying messages attributed to the "Chinese government," accompanied by a link to an inactive Twitter account associated with an Anonymous member. Philippine authorities acknowledged the difficulty in conclusively attributing the attacks but highlighted the temporal correlation with the Hague ruling as circumstantial evidence pointing to Chinese actors. No technical evidence or forensic details confirming the perpetrators’ origins were disclosed. The incident exacerbated existing diplomatic tensions, with officials characterizing bilateral relations as critically strained. The article noted the Philippines’ active hacktivist community, including local branches of Anonymous and LulzSec, suggesting potential retaliatory cyber actions against Chinese entities, though no specific incidents were cited in the immediate aftermath. The attacks underscored vulnerabilities in government digital infrastructure during geopolitical crises.