Ikaruz Red Team: Ideologically Driven Hackers Target Philippine Government

According to research by SentinelOne, ideologically motivated hacker groups are increasingly attempting to destabilize the Philippines through cyberattacks. Notably, the hacktivist collective Ikaruz Red Team is leveraging leaked builders of popular ransomware programs to launch attacks on government targets in the country.

Experts note that Ikaruz Red Team employs well-known malware families such as LockBit, Vice Society, Clop, and AlphV to conduct small-scale attacks. The group also publicly releases stolen data from various Filipino organizations. The ransom notes sent to victims are almost verbatim copies of standard LockBit templates, except for the group’s name in the header. No contact information for negotiations is provided.

DICT Hack4Gov 2023 videos on YouTube

Researchers believe this tactic indicates the hackers’ reluctance or inability to engage in traditional ransom negotiations, which is uncharacteristic of professional cybercriminal groups. Their primary motive appears to be disrupting systems, destabilizing the environment, and drawing attention to their activities through social media posts.

These observations are corroborated by data from another cybersecurity company, Resecurity. According to its report, the number of cyberattacks against the Philippines surged by 325% in the first quarter of 2023 compared to the previous period. The activity of hacktivist groups and disinformation campaigns has nearly tripled.

The Philippines finds itself on the frontline of territorial disputes with China due to its claims in the South China Sea. As the closest ally of the United States, the island nation is at the epicenter of this regional conflict.

While researchers do not directly link Ikaruz Red Team to state-sponsored hacker groups, the line between hacktivism and official cyber operations in the Philippines is quite blurred. For instance, Resecurity discovered that the China-affiliated group Mustang Panda is conducting “sophisticated information warfare campaigns” against the country.

In April 2023, the Philippines’ Department of Science and Technology suffered a cyberattack claimed by the group #opEDSA. The attackers stole at least two terabytes of data and locked employees out of the agency’s systems.

“The initial message from the attackers was politically charged,” commented Renato Paraiso, Assistant Secretary of the Department of Information and Communications Technology. “Therefore, we do not rule out that this could be part of hacktivist activities or something more sophisticated and malicious.”

Thus, the Philippines is becoming a new hotspot for the activities of various hacker groups—both ideologically motivated and state-affiliated. Their activities threaten the country’s critical infrastructure and weaken its cybersecurity amid growing regional tensions.