DICT: Hackers in China breached gov’t emails, sites

Hackers believed to be operating in China breached the email systems and internal websites of several government agencies that used a cloud service provider, almost certainly to gather information, the Department of Information and Communications Technology (DICT) said on Saturday.

DICT Undersecretary for Cybersecurity Jeff Ian Dy said the department, in cooperation with the cloud service provider, detected the situation and kept it from escalating further by shutting down the hackers' access.

Dy said it was notified two weeks ago about the cyber-attack, which targeted users of the cloud service.

Specifically for the Philippines, Dy said the hackers targeted those with “gov.ph” domains.

“So the targets are government emails and websites,” he said at the Saturday News Forum in Quezon City.

The DICT official said that the email domains targeted by hackers were:

  • cabsec.gov.ph
  • coastguard.gov.ph
  • cpbrd.congress.gov.ph
  • dict.gov.ph
  • doj.gov.ph
  • ncws.gov.ph

Dy said personal domains were also targeted, including www.bongbongmarcos.com (pbbm.com.ph), the personal website of President Ferdinand “Bongbong” Marcos Jr.

The DICT official said the cyber-attack, which he described as “academically perfect,” was probably done by one of the three notorious hacking groups: Lonely Island, Meander, and Panda.

“These are believed to be advanced threat groups that operate within the ambit of Chinese territories,” Dy said.

He said the hackers specifically targeted the administrators of the said government agencies’ email domains.

“They look for whoever is logging in as administrator; it is selective. Once it sees that this is an administrator, that's it, that is where it gets information from you. It looks at how many mailboxes you have, so it did not attack the mailboxes. What it is looking for is the administrator,” Dy said.

“Now, if you ask what it did, that is what puzzles me now. Although the investigation is still ongoing, that is what I wonder about: after it got the administrator, nothing more,” he added.

The DICT said that the hackers, after determining the administrators of the email domains, may use the credentials and sensitive information of the administrators “for whatever objective.”

“Their objective may be to gather information for years and strike when the time comes,” Dy said, noting that if the hack was perpetrated by a state actor, it could be considered cyber espionage.

“But let me once more emphasize, with the assistance of [the cloud service provider] themselves and our workforce, together with CICC (Cybercrime Investigation and Coordinating Center), this was preempted. So, we are actually in the process of cleaning and eradicating all these traces,” he added.

Dy said the DICT had already communicated with each of the administrators of the email domains to plan the next course of action to prevent another cyber-attack.

Late last year, several government websites were attacked, such as that of the Philippine Health Insurance Corp. (PhilHealth), which was hit by a ransomware attack that resulted in the leak of its data.

Also hacked last year were the websites of the Philippine Statistics Authority (PSA), the Philippine National Police (PNP), and the Department of Science and Technology (DOST). — DVM, GMA Integrated News

Source: www.gmanetwork.com