Cyber Incident Victim: National Archives of the Philippines
Date: Jul 2016
Location: Philippines
Summary
A series of DDoS attacks targeted multiple Philippine government websites, including the National Archives, disrupting operations and rendering some services inaccessible. The attacks affected 68 portals ranging from critical agencies like the Department of National Defense to smaller entities such as local government units and medical centers, significantly hindering administrative functions. Following the initial disruptions, two government portals were defaced with messages attributed to the "Chinese government," though the attacks' origin remained unverified. Officials suspected Chinese hackers due to the timing coinciding with an international tribunal ruling favoring the Philippines in a territorial dispute with China over maritime boundaries.
Description
On July 12, 2016, coinciding with the Permanent Court of Arbitration's ruling in favor of the Philippines regarding maritime territorial disputes with China in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks crippled 68 Philippine government websites. The attacks commenced during the afternoon of July 12 and maintained consistent intensity through July 13 before subsiding in subsequent days. Targeted entities spanned critical national infrastructure and smaller administrative bodies, including high-profile agencies such as the Department of National Defense, Department of Foreign Affairs, Bangko Sentral ng Pilipinas (central bank), and National Disaster Risk Reduction and Management Council. Non-sensitive and smaller institutions were equally affected, with the National Archives of the Philippines, Komisyon sa Wikang Pilipino (Filipino language regulatory body), Manila City Hall, East Avenue Medical Center, and portals of local government units experiencing disruptions. The sustained attacks severely impeded government operations, rendering some services temporarily inaccessible.

By July 16, officials discovered two defaced government portals displaying messages attributed to the "Chinese government," though the associated Twitter account linked in the defacements belonged to an inactive Anonymous member. While Philippine authorities acknowledged the inability to conclusively identify the attackers, they emphasized the temporal correlation with the Hague ruling as basis for suspecting Chinese involvement. The incident occurred amid heightened bilateral tensions, with the article noting hacktivist groups like Anonymous Philippines and LulzSec Philippines as active participants in regional cyber conflicts. No technical mitigation measures or forensic findings were disclosed in the available reporting. The attacks represented one of the most extensive disruptions to Philippine digital infrastructure at the time, directly impacting agencies responsible for national security, public administration, and cultural preservation.
