Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Pierluigi Paganini April 16, 2024

Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024.

Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024, increasing nearly 325% compared to the same period last year. The number of cyberattacks involving hacktivist groups and foreign misinformation campaigns has nearly tripled. In Q2 2024, this growth trajectory continues, with Resecurity observing multiple cyberattacks staged by previously unknown threat actors. These attacks are characterized by the intersection of ideological “hacktivist” motivations and nation-state-sponsored propaganda.

One prolific example of this dynamic is the China-linked Mustang Panda group, which Resecurity observed using cyberspace to stage sophisticated information warfare campaigns. There is a thin line between cybercriminal activity (supported by the state) and nation-state actors engaging in malicious cyber activity. Leveraging hacktivist-related monikers allows threat actors to avoid attribution while creating the perception of homegrown social conflict online. This tactic is often combined with false-flag attacks originating under publicly known threat-actor profiles to keep a distance from the real intellectual authors of these malign campaigns.

According to experts, the underground scene of actors is represented by the following threat groups accelerating their activity – Philippine Exodus Security (PHEDS), Cyber Operation Alliance (COA), Robin Cyber Hood (RCH), and DeathNote Hackers (Philippines), as well as independent actors and mercenaries recruited to conduct targeted attacks. Notably, some of these groups were also spotted collaborating with Arab Anonymous and Sylnet Gang-SG.

Resecurity interprets this activity as pre-staging for broader malicious, foreign cyber-threat actor activity in the region, including cyber espionage and targeted attacks against government agencies and critical infrastructure. Multiple government resources such as the Department of Interior and Local Government, Bureau of Plant Industry, Philippine National Police, and Bureau of Customs have been targeted.

The full report is available here.


Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – misinformation, The Philippines)

you might also like

leave a comment