Cyber Incident Victim: House of Representatives
Date:
Mar 2024
Location:
Philippines
Summary
The House of Representatives website experienced a severe distributed denial-of-service (DDoS) attack, with over 541 million malicious attempts flooding its servers to disrupt public access. The attack caused intermittent downtime, prompting ICT experts to deploy Cloudflare defenses, restart servers, and display maintenance notices while successfully restoring functionality without data compromise. Originating IPs suggested sources across multiple countries, though potential VPN use obscured true locations. Officials confirmed no institutional or personal information was breached and reported the incident to national cybersecurity authorities for further investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 13, 2024, the House of Representatives of the Philippines experienced a significant distributed denial-of-service (DDoS) attack targeting its official website. The attack commenced with an initial surge of 53.72 million malicious requests recorded between 8:00 AM and 9:00 AM local time, overwhelming the site’s infrastructure and causing intermittent downtime. By 2:52 PM, the assault intensified dramatically, generating an additional 487.93 million attacks, bringing the total to 541.66 million malicious attempts within a single day. This marked the most severe cyber incident against the institution since a prior attack in October 2023, with the primary objective of flooding the website’s servers to render it inaccessible to the public. House Secretary General Reginald Velasco confirmed the attacks originated from multiple geolocations, including Indonesia, the United States, Colombia, India, Russia, Tunisia, Thailand, and Greece, though he acknowledged these indicators might be obscured by attackers’ use of virtual private networks (VPNs).
The House Information and Communications Technology Service (ICTS) team responded by deploying Cloudflare’s mitigation services to filter malicious traffic, temporarily displaying an “under maintenance” notice while restarting servers to restore functionality. They successfully contained the attack by blocking all identified threats and reported the incident to the Department of Information and Communications Technology (DICT) for further investigation. Velasco emphasized no personal, institutional, or operational data was compromised during the breach, assuring the public that backend systems remained secure. Normal website operations resumed following these interventions, with no subsequent attacks detected as of March 14. The ICTS team maintained continuous monitoring for anomalous activity, while House leadership formally requested the DICT determine the attack’s origins—whether domestic or foreign actors—and whether motivations involved financial extortion, political destabilization, or other objectives.