Cyber Incident Victim: World Wildlife Fund
Date:
Feb 2014
Location:
Philippines
Summary
The official websites of World Wildlife Fund (WWF) and Earth Hour Philippines were compromised and defaced by the Indonesian hacking group Gantengers Crew, which left a message claiming responsibility but did not specify motives. The attackers replaced content with a declaration targeting "Muslim hackers," causing both sites to become inaccessible with error messages visible at the time of reporting. This incident followed a prior breach affecting the organization's China branch, which had exposed login credentials for tens of thousands of users and staff. The defacement mirrors were documented on Zone-H, reflecting temporary disruption to the environmental nonprofit's digital presence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 25, 2014, the official websites of World Wildlife Fund Philippines (wwf.org.ph) and its Earth Hour Philippines initiative (earthhour.wwf.org.ph) were compromised by the Indonesian hacking collective Gantengers Crew. The attackers replaced both websites' content with a defacement page displaying the message "Gantengers Crew Hacked you! :) Hacked WWF-Philippines, Indonesian h4x0r back! Greets / sh00ts To All Muslim hackers!" The defacement did not specify motives for targeting these environmental organizations. Zone-h.org, a platform tracking website compromises, archived mirrors of both hacked sites, confirming the unauthorized access. Both domains became inaccessible following the attack, displaying error messages when visitors attempted to load them. The incident marked a continuation of cybersecurity challenges for WWF affiliates, though no data theft or additional system compromises were reported in this specific event.
This breach followed a prior cybersecurity incident involving WWF China in 2013, where attackers compromised login credentials and personal information belonging to 58,411 users, staff members, and clients. The 2014 Philippine website defacements did not involve data exfiltration based on available records but disrupted public access to environmental advocacy resources. Historical patterns indicated WWF-associated domains faced recurring targeting, though attribution specifics and attacker objectives remained undocumented in public reporting of these incidents. Technical restoration timelines for the Philippine sites were not disclosed in source materials.