The Department of Information and Communications Technology (DICT) reported that the country’s cybersecurity experts successfully blocked various hacking attempts coming within China.
“We would like to report that in the past weeks, there were cybersecurity incidents or attacks that we were able to defend,” DICT Undersecretary Jeff Ian Dy said partly in Filipino during a Saturday news forum in Quezon City.
“These did not push through, but they were a type of brute force attack aimed at taking down our Overseas Workers Welfare Administration or OWWA, as you can see on the screen,” he added
Tracing where the attack came from, Dy said the attacker’s ‘command and control’ was found within China.
Dy stated that the government would need to coordinate with Beijing regarding the attempted hijacking of a government website.
When asked if the Chinese government is directly involved, Dy mentioned that they could not confirm.
Dy also highlighted spyware or espionage activities, potentially perpetrated by threat actors or advanced threat groups detected by Google’s tactical information security arm.
These activities were associated with state-backed cybersecurity actions, targeting government email addresses, specifically those of the Philippine Coast Guard (PCG), National Coast Watch (NCW), and the DICT.
“In fact, private domains were also targeted in their attack, but these were also defended, including the website of our President, bongbongmarcos.com (pbbm.com.ph),” Dy said.
“This kind of attack involves significant spending on research and development and technology to conceal its activities, which is why we call it an advanced persistent threat. This type of attack only monitors,” he explained.
Dy also identified current threats, including those posed by hackers, artificial intelligence-generated (AI) robocalls, and the vulnerability of the country’s submarine cables, crucial for the operations of the business process outsourcing (BPO) sector.
Other digital assets reportedly targeted were government Google Workspaces, specifically the domain administrators of the Cabinet Secretary, the Department of Justice, and the Congressional Policy and Budget Research Department of the Congress.
Dy said the hacking attempt was first reported by Google two weeks ago. The attack on the OWWA website happened earlier and had a different perpetrator whom the DICT traced to be operating in China.
“We were able to detect that the attackers were coming from China Unicom. So, I think we will need to coordinate with them so that they can help us in this investigation,” he said.
China Unicom is a Chinese state-owned telecommunications operator.
Dy, however, clarified that the DICT is not accusing China of involvement, only that it found out that the “threat actors were operating from within Chinese territory.”