Cyber Incident Victim: Presidential Management Staff
Date:
Jul 2016
Location:
Philippines
Summary
A series of disruptive DDoS attacks targeted numerous Philippine government websites, including the Presidential Management Staff, following an international ruling favoring the country in a maritime dispute. The attacks overwhelmed 68 government portals—ranging from critical agencies like the Department of National Defense to smaller municipal sites—severely hampering operations, with some services rendered inaccessible. Subsequently, two government portals were defaced with messages attributed to the "Chinese government," though the Twitter account linked was inactive and associated with an Anonymous member. While officials could not conclusively identify the perpetrators, the timing led to suspicions of Chinese involvement amid heightened geopolitical tensions. The incident exemplified broader cyber disruptions affecting both strategic and non-sensitive government functions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration’s ruling in favor of the Philippines in a maritime dispute with China, a series of distributed denial-of-service (DDoS) attacks disrupted 68 Philippine government websites. The attacks began that afternoon and persisted with similar intensity through July 13 before subsiding in subsequent days. Targets included high-profile agencies such as the Department of National Defense, Department of Foreign Affairs, Presidential Management Staff, and Bangko Sentral ng Pilipinas, alongside smaller entities like the Komisyon sa Wikang Pilipino, National Archives, Manila City Hall, and East Avenue Medical Center. Local government units and town portals were also affected, significantly impeding routine government operations—some services became temporarily inaccessible. The attacks did not discriminate by organizational size or sensitivity, impacting both critical infrastructure and non-essential platforms equally.
By July 16, officials discovered two government websites had been defaced with a message attributed to the "Chinese government," though the associated Twitter account linked in the defacement belonged to an inactive Anonymous member. While Philippine authorities acknowledged the timing aligned with geopolitical tensions—particularly China’s rejection of the Hague ruling—they could not conclusively attribute the attacks. The incident exacerbated existing diplomatic strains, described as bringing the two nations "to the brink of war." No technical mitigation efforts or forensic findings were disclosed, but officials anticipated retaliatory cyber operations from Philippine-affiliated hacktivist groups like Anonymous and LulzSec against Chinese targets. The dual-phase assault—DDoS followed by defacement—highlighted operational disruptions across multiple tiers of government without compromising data or revealing attacker infrastructure.