Who is terrorizing government organizations and what is their purpose?
According to a study by SentinelOne, ideologically motivated hacker groups are increasingly trying to destabilize the situation in the Philippines through cyber attacks. In particular, the Ikaruz Red Team hacktivist association uses leaked constructors of popular ransomware programs to launch attacks on government targets in this country.
Experts note that Ikaruz Red Team uses such well-known malware families as LockBit, Vice Society, Clop and AlphV to conduct small-scale attacks. The group also makes publicly available stolen data from various Philippine organizations. At the same time, extortionate emails sent to victims are copied almost verbatim from standard LockBit templates, with the exception of the group name in the header. Contact details for negotiations are not provided.
According to the researchers, this tactic indicates the unwillingness or inability of hackers to conduct classic ransom negotiations, which is not typical for professional cybercrime groups. Their main driving force, apparently, is the desire to disrupt systems, destabilize the situation and draw attention to their activities through publications in social networks.
These observations are confirmed by data from another cybersecurity company, Resecurity. According to its report , in the first quarter of 2023, the number of cyber attacks against the Philippines soared by 325% compared to the previous period. At the same time, the activity of hacktivist groups and disinformation campaigns has almost tripled.
The Philippines has been at the forefront of a territorial standoff with China over its claims in the South China Sea. As the closest ally of the United States, the island nation finds itself at the epicenter of this regional conflict.
Although researchers do not directly link Ikaruz Red Team to the activities of state-run hacking groups, the line between hacktivism and official cyber operations in the Philippines is quite blurred. Resecurity, for example, has discovered that the China-linked Mustang Panda group is waging "sophisticated information warfare campaigns" against the country.
In April 2023, the Department of Science and Technology of the Philippines was subjected to a cyber attack, for which the #opEDSA group claimed responsibility. The attackers stole at least two terabytes of data and blocked employees ' access to the agency's systems.
"The first message of the attackers was political," said Renato Paraiso, Assistant Secretary of the Department of Information and Communication Technologies. "So we don't rule out that this could be part of a hacktivist activity or something more sophisticated and malicious."
Thus, the Philippines is becoming a new hot spot for the activity of various hacker groups-both ideologically motivated and related to government structures. Their activities threaten the country's critical infrastructure and weaken its cybersecurity amid growing regional tensions.
According to a study by SentinelOne, ideologically motivated hacker groups are increasingly trying to destabilize the situation in the Philippines through cyber attacks. In particular, the Ikaruz Red Team hacktivist association uses leaked constructors of popular ransomware programs to launch attacks on government targets in this country.
Experts note that Ikaruz Red Team uses such well-known malware families as LockBit, Vice Society, Clop and AlphV to conduct small-scale attacks. The group also makes publicly available stolen data from various Philippine organizations. At the same time, extortionate emails sent to victims are copied almost verbatim from standard LockBit templates, with the exception of the group name in the header. Contact details for negotiations are not provided.
According to the researchers, this tactic indicates the unwillingness or inability of hackers to conduct classic ransom negotiations, which is not typical for professional cybercrime groups. Their main driving force, apparently, is the desire to disrupt systems, destabilize the situation and draw attention to their activities through publications in social networks.
These observations are confirmed by data from another cybersecurity company, Resecurity. According to its report , in the first quarter of 2023, the number of cyber attacks against the Philippines soared by 325% compared to the previous period. At the same time, the activity of hacktivist groups and disinformation campaigns has almost tripled.
The Philippines has been at the forefront of a territorial standoff with China over its claims in the South China Sea. As the closest ally of the United States, the island nation finds itself at the epicenter of this regional conflict.
Although researchers do not directly link Ikaruz Red Team to the activities of state-run hacking groups, the line between hacktivism and official cyber operations in the Philippines is quite blurred. Resecurity, for example, has discovered that the China-linked Mustang Panda group is waging "sophisticated information warfare campaigns" against the country.
In April 2023, the Department of Science and Technology of the Philippines was subjected to a cyber attack, for which the #opEDSA group claimed responsibility. The attackers stole at least two terabytes of data and blocked employees ' access to the agency's systems.
"The first message of the attackers was political," said Renato Paraiso, Assistant Secretary of the Department of Information and Communication Technologies. "So we don't rule out that this could be part of a hacktivist activity or something more sophisticated and malicious."
Thus, the Philippines is becoming a new hot spot for the activity of various hacker groups-both ideologically motivated and related to government structures. Their activities threaten the country's critical infrastructure and weaken its cybersecurity amid growing regional tensions.
