Cyber Incident Victim: National Disaster Risk Reduction and Management Council
Date:
Oct 2022
Location:
Philippines
Summary
The National Disaster Risk Reduction and Management Council experienced a security breach when its official Facebook page was compromised by unauthorized actors, disrupting critical disaster communication during an approaching tropical depression. The hackers gained control of the account, prompting the agency to initiate recovery efforts and issue a public apology for potential confusion. This incident mirrored a prior compromise of its implementing agency's Twitter account, which had been altered to promote cryptocurrency under an Elon Musk impersonation, though attribution remains unclear. The breach raised concerns about institutional cybersecurity resilience, particularly given the organization's role in disseminating emergency alerts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 11, 2022, at approximately 3:00 p.m., the National Disaster Risk Reduction and Management Council (NDRRMC) experienced a security breach when unauthorized actors gained control of its official Facebook page. The NDRRMC promptly issued a press statement confirming the compromise and assuring the public that necessary arrangements were underway to regain account access and investigate the incident. The agency emphasized its commitment to data privacy, security, and the welfare of its members. This breach occurred during an active tropical depression (Maymay) approaching Luzon, a critical period when the NDRRMC typically disseminates weather warnings and disaster preparedness updates through its social media channels. The council’s last pre-hack Facebook post dated to October 4, creating a seven-day communication gap coinciding with the weather emergency. The NDRRMC publicly apologized for any inconvenience or confusion caused by the incident to stakeholders and the general public. This marked the second cyber intrusion targeting the agency within ten months, following a November 2021 compromise of the verified Twitter account (@civildefensePH) operated by its implementing arm, the Office of Civil Defense (OCD).
The earlier November 14, 2021, Twitter breach involved unauthorized tweets promoting cryptocurrency and bitcoin on the profiles of Elon Musk and SpaceX. Attackers altered the OCD account’s display name to “Elon Muskx,” replaced its profile picture with Musk’s likeness, and modified the handle temporarily. While both incidents compromised official disaster communication channels during operational periods, the NDRRMC provided no confirmation of attribution or connection between the 2021 Twitter hacker and the 2022 Facebook attacker. The Facebook breach directly impaired the council’s capacity to issue real-time disaster alerts during Tropical Depression Maymay’s approach, raising public concerns about systemic cybersecurity vulnerabilities in Philippine disaster response infrastructure. No technical details regarding attack vectors, data exposure, or account recovery timelines were disclosed by the NDRRMC in either incident.