Cyber Incident Victim: Philippine National Bank
Date:
May 2016
Location:
Philippines
Summary
The Philippine National Bank was targeted in a distributed denial-of-service (DDoS) attack by the hacktivist group Anonymous as part of Operation Icarus, alongside multiple other global financial institutions. The attack rendered the bank's website inaccessible for hours, with Anonymous claiming the action was retaliation for the arrest of a hacker linked to a prior breach of the Philippines' election commission database, emphasizing their support for digital activism and protest against government crackdowns. This incident aligned with broader Anonymous campaigns synchronizing cyber attacks with real-world protests, demonstrating their intent to disrupt financial infrastructure as a form of political dissent.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 13, 2016, the Philippine National Bank (PNB) became a target of a distributed denial-of-service (DDoS) attack conducted by the hacktivist group Anonymous as part of their Operation Icarus (OpIcarus) campaign. The attack coincided with strikes against four other financial institutions: the Bank of France, Central Bank of the United Arab Emirates, Central Bank of Tunisia, and Central Bank of Trinidad and Tobago. Anonymous executed simultaneous 250 Gbps DDoS attacks, overwhelming the banks' web infrastructure and forcing their websites offline for multiple hours. The Bank of France experienced two separate attacks within the same day, while PNB's outage represented the first confirmed cyber incident against a major Philippine financial institution during OpIcarus. Technical details about attack vectors or specific vulnerabilities exploited were not disclosed in available reporting. The immediate operational impact consisted of complete website unavailability, disrupting public access to banking portals and online services. No evidence indicated compromise of internal systems, financial data theft, or fund transfers during the incident.
Anonymous claimed responsibility through direct communication with cybersecurity news outlet HackRead, explicitly linking the PNB attack to their support for an unnamed hacker arrested by Philippine authorities the previous month. This individual had allegedly breached the Philippine Commission on Elections (COMELEC) website and leaked the entire voter database. The group framed the bank takedown as retaliation against government suppression of hacktivists, declaring "For every Anon they incarcerate, 100’s more will appear" while promoting the #freeanons hashtag. This marked a strategic expansion of OpIcarus beyond its original anti-banking establishment motives to include direct support for arrested activists. The operation's broader May 13-15 campaign impacted at least 14 financial institutions globally since its March 2016 relaunch, including central banks in South Korea, Jordan, Greece, Cyprus, and Bosnia and Herzegovina. All affected banking websites, including PNB's, were restored to normal operation within hours of the attacks. Anonymous publicly coordinated follow-up actions through a dedicated Facebook event page while vowing to continue OpIcarus indefinitely.