Cyber Incident Victim: National Disaster Risk Reduction and Management Council

On July 12, 2016, coinciding with the Permanent Court of Arbitration's ruling favoring the Philippines in a maritime dispute with China over territorial claims in the West Philippine Sea, a series of distributed denial-of-service (DDoS) attacks targeted 68 Philippine government websites. The attacks commenced in the afternoon and persisted with consistent intensity through July 13, disrupting operations across multiple agencies. Among the primary targets was the National Disaster Risk Reduction and Management Council (NDRRMC), alongside other critical entities including the Department of National Defense, Department of Foreign Affairs, and Bangko Sentral ng Pilipinas. Smaller, non-sensitive portals such as the Komisyon sa Wikang Pilipino, Manila City Hall, and local government unit websites were also impacted. The sustained attacks severely hindered government functions, rendering some services temporarily inaccessible or significantly degraded during the two-day period.

By July 16, officials discovered two government websites had been defaced with a message attributed to the "Chinese government," though the linked Twitter account belonged to an inactive Anonymous member. While Philippine authorities acknowledged the defacements and DDoS disruptions, they did not conclusively attribute the attacks. The timing—immediately following the international tribunal's ruling against China’s territorial claims—led officials to suspect Chinese-linked actors, though no technical evidence confirmed this. The incident exacerbated existing diplomatic tensions between the two nations, described as nearing a state of conflict. Concurrently, the presence of active Philippine-based hacktivist groups like Anonymous and LulzSec suggested potential retaliatory cyber operations against Chinese infrastructure, though no such actions were documented in the immediate aftermath of the attacks.