Cyber Incident Victim: Metropolitan Manila Development Authority
Date:
Jul 2016
Location:
Philippines
Summary
A series of DDoS attacks targeted multiple Philippine government websites, including the Metropolitan Manila Development Authority, following an international ruling on a territorial dispute in the West Philippine Sea. The attacks disrupted operations across 68 government portals, affecting entities ranging from national defense and financial institutions to local municipalities and medical centers, severely hindering administrative functions. Subsequently, two sites were defaced with messages attributed to the "Chinese government," though the associated Twitter account was inactive. While officials suspected Chinese involvement due to geopolitical tensions and the timing coinciding with the arbitration outcome, no definitive attribution was confirmed. The incident heightened existing regional conflicts, with local hacktivist groups also noted for potential retaliatory actions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration's ruling in favor of the Philippines regarding maritime disputes with China in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites. The attacks commenced during the afternoon and persisted with consistent intensity through July 13 before diminishing in subsequent days. Affected entities spanned critical infrastructure and minor portals, including high-profile targets such as the Department of National Defense, Department of Foreign Affairs, and the Metropolitan Manila Development Authority (MMDA). Non-sensitive institutions like the Komisyon sa Wikang Pilipino, National Archives, and Manila City Hall were also compromised, alongside local government units and small municipal portals. The sustained attacks severely disrupted government operations, rendering some services temporarily inaccessible and impeding administrative functions across multiple agencies.
By July 16, officials identified additional compromises when two government websites were defaced with a message attributed to the "Chinese government," though the associated Twitter account linked to the defacement belonged to an inactive Anonymous member. While Philippine authorities could not conclusively attribute the attacks, the timing—immediately following the international tribunal's ruling against China's territorial claims—led to widespread suspicion of Chinese state-affiliated or nationalist actors. The incident exacerbated existing geopolitical tensions, with officials characterizing bilateral relations as nearing a breaking point. Concurrently, the article noted the Philippines' active hacktivist presence, including local branches of Anonymous and LulzSec, suggesting potential retaliatory cyber campaigns against Chinese entities. The attacks underscored vulnerabilities in governmental digital infrastructure during periods of heightened diplomatic strife, though no specific mitigation measures or technical responses were detailed in the available reporting.