Cyber Incident Victim: House of Representatives
Date:
Mar 2024
Location:
Philippines
Summary
The House of Representatives website experienced a severe distributed denial-of-service (DDoS) attack aimed at disrupting access by overwhelming it with traffic, temporarily rendering the platform unavailable. Attack volumes surged to over 541 million incidents, originating from multiple countries including Indonesia, the United States, Colombia, India, Russia, Tunisia, Thailand, and Greece, though potential VPN use obscures true origins. The institution's ICT team mitigated the attack using Cloudflare services, displayed maintenance notices, restarted servers, and restored functionality after intermittent downtimes. Officials confirmed no data breaches or compromises to institutional or personal information occurred. Operations normalized following containment, with ongoing monitoring and reporting to the national cybersecurity authority.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 13, 2024, the official website of the House of Representatives of the Philippines experienced a significant distributed denial-of-service (DDoS) attack, marking the second such incident following an earlier attack in October 2023. The cyberattack began with an initial surge of 53.72 million malicious traffic requests between 8:00 AM and 9:00 AM local time, overwhelming the website’s infrastructure and rendering it temporarily inaccessible. Attack traffic originated from Indonesia, the United States, Colombia, India, and the Russian Federation, though House officials acknowledged these locations might be obscured by attackers’ use of virtual private networks (VPNs). By 2:52 PM, the attack intensified dramatically, with an additional 487.93 million requests originating from Tunisia, Thailand, and Greece, bringing the total recorded malicious traffic to 541.66 million attempts—a scale unprecedented in severity compared to prior incidents.
The House Information and Communications Technology Service (ICTS) team immediately activated countermeasures, leveraging Cloudflare services to filter and block malicious traffic while displaying an “under maintenance” notice to users. Technicians restored service through server restarts and mitigated several intermittent downtimes throughout the day. Secretary-General Reginald Velasco confirmed no institutional or personal data was compromised, emphasizing that the attack solely aimed to disrupt public access to the website rather than breach sensitive information. The incident was reported to the Department of Information and Communications Technology (DICT) for further investigation into the attackers’ origins and motives. By the evening of March 13, normal operations resumed with no subsequent attacks observed, though ICTS maintained enhanced monitoring. Velasco publicly commended the ICTS team’s rapid response while urging continued vigilance to ensure uninterrupted public access to congressional information.