Cyber Incident Victim: Department of Foreign Affairs of the Philippines
Date:
Jul 2016
Location:
Philippines
Summary
A Philippines government department and numerous other agencies suffered widespread distributed denial-of-service attacks targeting 68 websites, including critical infrastructure and smaller portals, severely disrupting operations. The incident coincided with an international ruling favoring the Philippines in a territorial dispute with China, though attribution remained unconfirmed. High-profile targets included defense, foreign affairs, and financial institutions, while less critical sites like medical centers and local municipalities were also impacted. Following the initial attacks, two government portals were defaced with messages purportedly from Chinese authorities but linked to inactive hacktivist accounts. Officials noted the attacks subsided after several days but highlighted persistent tensions between the nations and anticipated reciprocal cyber activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration’s ruling in favor of the Philippines regarding maritime disputes with China in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks crippled 68 Philippine government websites. The attacks commenced in the afternoon and persisted with sustained intensity through July 13, disrupting operations across high-profile agencies including the Department of Foreign Affairs, Department of National Defense, Department of Interior and Local Government, and the central bank (Bangko Sentral ng Pilipinas). Smaller entities such as the Komisyon sa Wikang Pilipino, National Archives, Manila City Hall, and local government unit portals were also impacted, rendering many sites inaccessible and hindering routine administrative functions. The scale of targeting—spanning critical infrastructure, municipal services, and non-sensitive cultural bodies—indicated a broad disruptive intent rather than selective data theft. Activity subsided in subsequent days, though operational recovery timelines were not specified.
By July 16, officials discovered two defaced government portals displaying messages attributed to the "Chinese government," accompanied by a defunct Twitter handle associated with an Anonymous member. While the DDoS attacks caused widespread accessibility issues, the defacements introduced a symbolic component to the incident. Philippine authorities could not conclusively attribute the attacks but highlighted the temporal correlation with the Hague ruling as circumstantial evidence pointing to Chinese-linked actors. The incident exacerbated existing diplomatic tensions, with officials characterizing bilateral relations as nearing a breaking point. Concurrently, the article noted the Philippines’ active hacktivist factions like Anonymous and LulzSec, implying potential retaliatory cyber campaigns against Chinese entities, though no such actions were confirmed in the immediate aftermath.