Cyber Incident Victim: East Avenue Medical Center
Date:
Jul 2016
Location:
Philippines
Summary
A massive DDoS attack targeted numerous Philippine government websites, including high-profile agencies and smaller entities like the East Avenue Medical Center, severely disrupting operations and rendering some services inaccessible. The attacks coincided with a contentious international ruling favoring the Philippines in a maritime dispute with China, escalating suspicions of Chinese involvement. Following the DDoS campaign, two government portals were defaced with messages attributed to the "Chinese government," though the linked Twitter account belonged to an inactive Anonymous member. Officials noted the incident's timing aligned with heightened geopolitical tensions but could not conclusively identify the perpetrators.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The incident began on July 12, 2016, coinciding with the Permanent Court of Arbitration's ruling in favor of the Philippines regarding territorial disputes with China in the West Philippine Sea. That afternoon, distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites across multiple agencies. The attacks persisted with consistent intensity through July 13 before subsiding in subsequent days. Affected entities spanned critical infrastructure and non-sensitive portals alike, including high-profile targets such as the Department of National Defense, Department of Foreign Affairs, and Bangko Sentral ng Pilipinas (central bank). Smaller agencies like the Komisyon sa Wikang Pilipino (Filipino language regulator), National Archives, Manila City Hall, and East Avenue Medical Center were also impacted. Local government units and municipal portals experienced disruptions that hindered routine administrative functions. The scale of targeting—from major national institutions to minor regional offices—significantly impaired government operations, rendering some services temporarily inaccessible.
On July 16, officials discovered two defaced government websites displaying messages attributed to the "Chinese government," though the associated Twitter account linked to the defacements belonged to an inactive Anonymous member. While Philippine authorities could not conclusively identify the attackers, the timing strongly suggested Chinese hacker involvement given the geopolitical context of the Hague ruling. The attacks occurred amid extreme diplomatic tensions between the two nations, described as nearing a state of conflict. No technical details about attack vectors, mitigation efforts, or forensic findings were disclosed. The disruptions complicated governmental operations for multiple days, particularly affecting smaller agencies with limited IT resources. Concurrently, the article noted that Philippine hacktivist groups Anonymous and LulzSec remained active, implying potential retaliatory cyber campaigns against Chinese entities might follow.