DICT: Attackers traced to China Unicom, hit PCG, PBBM’s website
The country’s cybersecurity experts have successfully blocked various hacking attempts coming from within China in a cyberattack that targeted various government email addresses, including that of the Philippine Coast Guard (PCG) and the private website of President Marcos, the Department of Information and Communications Technology (DICT) reported yesterday.
“We were able to detect that the attackers were coming from China Unicom. So, I think we will need to coordinate with them so that they can help us in this investigation,” DICT Undersecretary Jeff Ian Dy said partly in Filipino during the Saturday News Forum in Quezon City.
China Unicom is a Chinese state-owned telecommunications operator.
The cyberattack also tried to breach email systems and internal websites of several government agencies that used Google Workspace in a bid to gather information. Dy said the DICT and Google believe at least three “advanced threat groups” were behind the attack, which he said could also be classified as “cyber espionage” as the motivation was to “gather information.”
Dy, however, clarified the DICT is not accusing China of involvement, only that it found out that the “threat actors were operating from within Chinese territory.”
“These did not push through, but they were a type of brute force attack aimed at taking down our Overseas Workers Welfare Administration or OWWA,” he added.
Dy said the hacking attempt was first reported by Google two weeks ago. The attack on the OWWA website happened earlier and had a different perpetrator whom the DICT traced to be operating in China.
He said the government would need to coordinate with Beijing regarding the attempted hijacking. He also highlighted spyware or espionage activities, potentially perpetrated by threat actors or advanced threat groups detected by Google’s tactical information security arm.
These activities were associated with state-backed cybersecurity actions, targeting government email addresses, specifically those of the Coast Guard, the National Coast Watch (NCW), and the DICT.
“In fact, private domains were also targeted in their attack, but these were also defended, including the website of our President, bongbongmarcos.com (pbbm.com.ph),” Dy said.
“This kind of attack involves significant spending on research and development and technology to conceal its activities, which is why we call it an advanced persistent threat. This type of attack only monitors,” he explained.
Dy also identified current threats, including those posed by hackers, artificial intelligence-generated (AI) robocalls, and the vulnerability of the country’s submarine cables, crucial for the operations of the business process outsourcing (BPO) sector.
Other digital assets reportedly targeted were Google Workspaces, specifically the domain administrators of the Cabinet Secretary, the Department of Justice, and the Congressional Policy and Budget Research Department of the Congress.