DDoS Attack on Filipino Media Outlets Linked to Philippine Government and Army

 

Sweden-based digital rights nonprofit Qurium Media has reported a targeted campaign of distributed denial-of-service (DDoS) attacks on Filipino media outlets and a human rights group that appears to be coming from the country’s Department of Science and Technology (DOST) and Army. 

Qurium Media Foundation “has received brief but frequent denial of service attacks against the Philippine alternative media outlets Bulatlat and Altermidya, as well as the human rights group Karapatan during May and June 2021,” said the organization in its online report.

On 18 May, a DOST machine launched a vulnerability scan on Bulatlat with what Qurium said resembled Xerosecurity's "Sn1per" tool – an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Network attack surface and risk assessments of this kind are rarely done without permission from the system owner, and the scan is believed to have been the perpetrators checking on the status of the cyber attacks.

The most recent attack noted by the Qurium group occurred on the night of June 22 and lasted several hours, during which threat actors flooded Bulatlat’s and Altermidya’s websites with junk traffic to make them inaccessible.

A forensic investigation carried out by Qurium revealed an identical firewall configuration, indicating action from another machine within the organization. Its digital certificate was linked to an email address issued by the Office of the Assistant Chief of Staff for Intelligence (OG2-PAS) of the Philippine Army.

DOST originally denied its involvement in the attack, but Rowena Guevara, the organization’s Undersecretary for Research and Development, later told local media that it “assist[s] other government agencies by allowing the use of some of its IP addresses in the local networks of other government agencies.” However, she did not name the specific agency, dismissing the question as the subject of a government investigation.

Last week, media outlet ABS-CBN reported that one lawmaker has introduced a resolution in the country’s House of Representatives to investigate ‘state-sanctioned’ cyberattacks against media entities. “I think it is pretty obvious that these cyberattacks are really state-sanctioned, and that the regime has a policy of attacking critical media. I don’t think that their denial would be acceptable at this point,” Ferdinand Gaite, a Filipino politician, stated.