Cyberattacks Surge in Philippines: 325% Increase Blamed on Geopolitics

In the first quarter of 2024, the Philippines witnessed a sharp increase in cyberattacks amid escalating tensions in the South China Sea, as reported by Resecurity. Compared to the same period last year, the number of cyberattacks rose by nearly 325%. It was noted that the activity of hacktivist groups and various disinformation campaigns had tripled.

The trend continued into the second quarter of 2024: since the beginning of April, Resecurity has recorded numerous attacks carried out by previously unknown hacker groups. These attacks are characterized by a blend of hacktivists’ ideological motives and state-sponsored propaganda.

Resecurity identifies the group Mustang Panda, which is associated with China, as one of the active participants in regional cyber information warfare. The use of pseudonyms related to hacktivism allows threat actors to conceal their true identities, fostering the illusion of internal social conflict.

In its analysis of threat group activities, Resecurity highlights several key actors accelerating their activities, including Philippine Exodus Security (PHEDS), Cyber Operation Alliance (COA), Robin Cyber Hood (RCH), and DeathNote Hackers (Philippines). Collaboration among some of these groups with Arab Anonymous and Sylnet Gang-SG has also been observed.

Analysts consider the observed activity to be the preparatory groundwork for broader malicious actions in the region, including cyber espionage and targeted attacks on government bodies and critical infrastructure. Primary targets of these attacks include the Department of Interior and Local Government, the Bureau of Plant Industry, the Philippine National Police, and the Bureau of Customs.