Cyber Incident Victim: Komisyon sa Wikang Pilipino
Date:
Jul 2016
Location:
Philippines
Summary
Government websites in the Philippines, including Komisyon sa Wikang Pilipino and other high-profile agencies, experienced widespread DDoS attacks causing significant operational disruptions, with some services rendered impossible to conduct. The attacks coincided with a geopolitical ruling favoring the Philippines in a maritime dispute with China, leading officials to suspect Chinese hackers despite no conclusive attribution. Targets ranged from critical infrastructure to smaller local government portals, with additional defacements occurring days later on two sites displaying messages attributed to the "Chinese government" linked to an inactive Anonymous-associated Twitter account. The incident exacerbated existing tensions between the two nations amid heightened hacktivist activity from groups like Anonymous Philippines.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration's ruling in favor of the Philippines regarding maritime territorial disputes with China in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites. The attacks commenced in the afternoon and persisted with consistent intensity through July 13, disrupting operations across high-profile agencies including the Department of National Defense, Department of Foreign Affairs, and Bangko Sentral ng Pilipinas. Smaller entities such as the Komisyon sa Wikang Pilipino (the official regulatory body for the Filipino language), National Archives, Manila City Hall, and local government unit portals were also affected. The attacks rendered many websites inaccessible, severely impeding routine government functions and public service delivery. Technical details regarding attack vectors or bandwidth volume were not disclosed, but the widespread targeting of both strategic and non-sensitive agencies indicated a coordinated effort to maximize disruption during a period of heightened geopolitical tension.
By July 16, officials discovered two government websites had been defaced with a message purportedly from the "Chinese government," though the associated Twitter account linked to the defacement belonged to an inactive Anonymous member. While Philippine authorities acknowledged suspicions of Chinese state-affiliated involvement due to the attack's timing following the Hague ruling, no forensic evidence conclusively attributed the attacks to a specific actor. The incident occurred amid escalating bilateral tensions, with Philippine hacktivist groups like Anonymous Philippines and LulzSec publicly active, suggesting potential retaliatory cyber campaigns. The DDoS attacks subsided after July 13, though residual disruptions persisted intermittently until the defacements were identified and remediated over the weekend. No additional data breaches, data exfiltration, or long-term compromises beyond service availability issues were reported in the disclosed information.