Cyber Incident Victim: Manila City Hall
Date:
Jul 2016
Location:
Philippines
Summary
A series of DDoS attacks targeted multiple Philippine government websites, including Manila City Hall, following an international ruling on a maritime territorial dispute. The attacks disrupted operations across 68 government portals, affecting both high-profile agencies like the Department of National Defense and smaller entities such as local government units, rendering some services inaccessible. Subsequently, two government sites were defaced with messages purportedly from the "Chinese government," though attribution remained unconfirmed. While officials suspected Chinese involvement due to geopolitical tensions coinciding with the attacks, no definitive source was identified. The incidents hindered administrative functions and underscored vulnerabilities in critical digital infrastructure during periods of heightened diplomatic friction.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration's ruling favoring the Philippines in its maritime dispute with China over territorial claims in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites. The attacks commenced in the afternoon and persisted with comparable intensity through July 13 before subsiding in subsequent days. Both high-profile and minor government portals were affected, including critical agencies like the Department of National Defense, Department of Foreign Affairs, and Bangko Sentral ng Pilipinas, alongside non-sensitive entities such as Manila City Hall, the National Archives, and the Komisyon sa Wikang Pilipino. Local government units and smaller municipal portals also experienced disruptions, severely impeding routine administrative functions and rendering some services entirely inaccessible during the attack period. The scale of the incident impacted digital operations across multiple tiers of governance, from national institutions to regional offices.

By July 16, authorities identified two defaced government websites displaying messages attributed to the "Chinese government," though the associated Twitter account linked to the defacements belonged to an inactive member of Anonymous. Filipino officials acknowledged the inability to conclusively trace the attacks’ origin but highlighted the temporal correlation with the Hague ruling as circumstantial evidence implicating Chinese actors. The incident exacerbated existing diplomatic tensions, with bilateral relations described as nearing a crisis threshold. Concurrently, the article noted the operational presence of Philippine-affiliated hacktivist collectives like Anonymous and LulzSec, suggesting potential retaliatory cyber campaigns against Chinese digital assets. No technical mitigation measures or post-incident recovery actions were detailed in the available reporting.
