Cyber Incident Victim: Maritime Industry Authority

Date: Jun 2024

Location: Philippines

Summary

The Maritime Industry Authority (MARINA) experienced a cyberattack compromising four web-based systems, with hacker "ph1ns" leaking sensitive data including personal and potentially financial information of ship owners and seafarers. The breach, attributed to an Unrestricted File Upload vulnerability, resulted in approximately 20 gigabytes of exfiltrated data. Ph1ns, linked to prior breaches of Philippine government agencies like the Department of Science and Technology and the Philippine National Police, highlighted systemic security weaknesses while acknowledging some government cybersecurity efforts. The agency mobilized personnel to secure affected systems, aiming for restoration within days to resume application processing, and assured stakeholders of its commitment to system integrity and data protection.

Description

On June 16, 2024, the Maritime Industry Authority (MARINA) of the Philippines confirmed a cyberattack compromising four of its web-based systems. The breach was publicly announced by the hacker "ph1ns" on Breach Forums, an online platform used to disseminate stolen data. Ph1ns shared samples of exfiltrated information, which included sensitive personal details of ship owners and Filipino seafarers such as names, addresses, contact information, and potentially financial records. The hacker claimed to have extracted approximately 20 gigabytes of data by exploiting an Unrestricted File Upload vulnerability. Ph1ns described the attack as easier to execute than their prior breach of the Department of Science and Technology (DOST), attributing the relative difficulty of the DOST intrusion to better network segmentation and the need to locate credentials in backup files. However, they noted the MARINA attack required similar effort to their earlier Philippine National Police (PNP) compromise. MARINA detected the intrusion the same morning and immediately deployed officials and employees to its Central Office to contain the incident. The agency prioritized securing system integrity with the goal of restoring functionality by June 18 to resume processing applications.

The breach primarily affected MARINA employees, with estimates suggesting between "a few dozen and a few hundred" individuals impacted. Ph1ns left a message on defaced servers and reiterated concerns about government cybersecurity practices during an email interview, praising the Department of Information and Communications Technology (DICT) while criticizing unfulfilled post-PNP breach promises to collaborate with white hat hackers. The compromised data poses risks of identity theft, phishing scams, and extortion, potentially undermining trust in the maritime sector—a critical component of the Philippine economy—and jeopardizing the security of maritime operations. MARINA issued a press statement confirming the attack and its containment efforts but did not disclose specifics about victim notifications or forensic investigations. The incident marks ph1ns' latest intrusion in a series targeting Philippine government entities, including the DOST, PNP, Agricultural Credit Policy Council, and Department of Agriculture regional offices. While no operational disruptions beyond system downtime were reported, the exposure of seafarer data raised concerns about long-term implications for stakeholder confidence and maritime safety protocols. MARINA committed to providing further updates as the situation develops.
