Cyber Incident Victim: Bangko Sentral ng Pilipinas

On July 12, 2016, coinciding with the Permanent Court of Arbitration’s ruling in favor of the Philippines regarding territorial disputes with China in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites. The attacks commenced in the afternoon and persisted with significant intensity through July 13, disrupting operations across multiple agencies. High-profile targets included the Department of National Defense, Department of Foreign Affairs, Presidential Management Staff, and Bangko Sentral ng Pilipinas (the central bank), alongside smaller entities such as the Komisyon sa Wikang Pilipino, National Archives, Manila City Hall, and local government unit portals. The sustained attacks rendered many sites inaccessible or severely degraded, impeding routine government functions and public services. While the intensity diminished after July 13, the disruption extended into subsequent days, complicating administrative workflows for agencies of varying operational scales.

By July 16, officials discovered two defaced government websites displaying a message attributed to the "Chinese government," though the associated Twitter account linked to the defacement belonged to an inactive Anonymous member. Philippine authorities acknowledged the difficulty in conclusively attributing the attacks but highlighted the timing’s correlation with the Hague ruling as a basis for suspecting Chinese involvement. The incident occurred amid heightened geopolitical tensions, with the Philippines asserting that China’s artificial island construction infringed on its maritime territory. No technical evidence or forensic details regarding the attack vectors, mitigation efforts, or specific impacts on Bangko Sentral ng Pilipinas’ systems were disclosed. The attacks underscored broader vulnerabilities in government digital infrastructure during a period of acute diplomatic strain.