 "China’s Foreign Ministry denied any involvement, stating that it opposes all forms of hacking and cyberattacks and criticised what it termed groundless political speculation. Image Credit: Reuters")
In a significant cybersecurity breach, Chinese state-sponsored hackers reportedly infiltrated the computer systems of the Philippine government, targeting the executive branch. The attack, which spanned several years, resulted in the theft of sensitive data, including military documents.
Cybersecurity experts identified the breach as early as 2023, with further evidence of infiltration flagged in August 2024. A report by Bloomberg News reveal that the president’s office sought details about the breach in May 2024.
Years of breaches expose critical vulnerabilities
The cyberattacks, described as persistent and advanced, were linked to tactics commonly associated with the hacking group APT 41, a state-sponsored entity known for its sophisticated operations. The stolen data reportedly included military documents, some relating to the Philippines’ territorial dispute in the South China Sea. Additionally, the hackers compromised other institutions, including hospital networks, highlighting the widespread nature of the campaign. The breaches were said to have occurred from early 2023 through mid-2024.
Officials confirmed the ongoing nature of such attacks but refrained from specifying whether the president’s office or other key agencies were directly breached. Jeffrey Ian Dy, undersecretary for cybersecurity at the Department of Information and Communications Technology (DICT), noted that these cyberattacks are consistent with advanced persistent threats, targeting vulnerabilities in legacy systems and outdated software.
International allies step In to support cybersecurity efforts
The Philippines has received support from allies, including Australia, Japan, the United States, and the United Kingdom, as well as assistance from cybersecurity firms. While the Federal Bureau of Investigation (FBI) was informed of the breaches, it declined to comment. China’s Foreign Ministry denied any involvement, stating that it opposes all forms of hacking and cyberattacks and criticised what it termed groundless political speculation.
Dy emphasised the challenges of repelling daily cyberattacks across various government branches, citing hundreds of thousands of attempts. He acknowledged that some breaches targeted outdated systems, with old data occasionally being reposted by attackers. However, he reassured that many attempts are detected early, allowing systems to be secured before sensitive data is compromised.
Philippines under constant cyber siege
At a press briefing, Dy revealed that public-facing government platforms, such as help desks, are often targeted. Despite the ongoing threats, he maintained that no current data has been compromised and challenged claims of successful data extractions. Dy reiterated that the government remains vigilant, continuously upgrading systems and enhancing defences to counter increasingly sophisticated cyber threats.
The breaches underscore the growing cybersecurity risks faced by governments worldwide, especially in a region fraught with geopolitical tensions. For the Philippines, strengthening digital infrastructure and addressing legacy vulnerabilities are now critical to safeguarding national security.