Cyber Incident Victim: Karapatan

Between May and June 2021, a series of distributed denial-of-service (DDoS) attacks targeted Philippine alternative media outlets Bulatlat and Altermidya, alongside human rights organization Karapatan. The Swedish digital rights nonprofit Qurium Media Foundation documented these incidents, noting brief but frequent attacks that disrupted website accessibility by flooding them with junk traffic. The most significant attack occurred on June 22, lasting several hours and rendering Bulatlat’s and Altermidya’s sites unreachable. Earlier in May, Qurium observed a machine associated with the Philippine Department of Science and Technology (DOST) conducting a vulnerability scan against Bulatlat using Sn1per, an automated penetration testing tool developed by Xerosecurity. Forensic analysis by Qurium traced connections between the scanning machine and multiple government entities, including the Philippine Army’s Office of the Assistant Chief of Staff for Intelligence.

The DOST initially denied involvement but later acknowledged through Undersecretary Rowena Guevara that it permitted other government agencies to use its IP addresses within their local networks. This admission followed Qurium’s public disclosure linking the attacks to state infrastructure. On July 29, 2021, Philippine media outlet ABS-CBN reported that Representative Ferdinand Gaite had filed a House resolution demanding an investigation into what he described as “state-sanctioned” cyberattacks against media entities. Gaite explicitly attributed the campaign to the government, stating the regime maintained a policy of targeting critical media. The attacks coincided with broader tensions between Philippine authorities and independent media, though no technical evidence directly implicated specific agencies beyond the observed IP links and tool usage.