Threat Actor: DeathNote Hackers
Victim: ABS-CBN
Price: Not disclosed
Exfiltrated Data Type: Session cookies, credentials, login URL
Key Points:
- The breach targeted ABS-CBN’s cloud-based operations managed via Amagi, a SaaS platform for broadcasting.
- Multiple ABS-CBN channels were affected, including Kapamilya Dagupan, TFC EU, and others across various regions.
- The hackers gained access to critical operational controls but did not hijack any broadcast feeds.
- The attack was executed through a series of targeted phishing attacks, leading to the theft of sensitive information.
- Despite gaining access, the DeathNote Hackers chose not to delete any scheduled content, indicating a strategic approach to their objectives.
Manila, Philippines – This week, the DeathNote Hackers struck again, targeting ABS-CBN’s cloud-based operations. The breach occurred within an operator managing ABS-CBN’s broadcasting services via Amagi, a leading SaaS platform for broadcast and connected TV.
Details of the Breach:
The compromised operator manages multiple ABS-CBN channels, including:
- Kapamilya Dagupan
- TFC EU
- KapChan
- Varsity
- TFC NA West
- TFC CA East
- TFC ME
- TFC GUAM
- TFC ASIA
- Kapamilya Channels in Baguio, Cebu, Iloilo, Zamboanga, Bacolod, Davao, and Gensan
Amagi’s platform, primarily responsible for scheduling feeds and playouts, enables broadcasters to remotely manage TV channels across traditional cable, satellite, and OTT streaming services. The breached operator handles commercial breaks and advertisement placements across these channels. Despite the access, the hackers did not attempt any hijacking of broadcast feeds.
The breach was carried out through a series of targeted attacks. The operator was eventually tricked into clicking on a malicious payload link, resulting in the theft of session cookies, credentials, and the login URL necessary to access Amagi’s platform.
Although the breach did not result in the hijacking of broadcasts, the attackers gained access to critical operational controls, potentially allowing them to disrupt or manipulate scheduled commercial assets. However, the DeathNote Hackers opted not to delete any scheduled content, deeming such an action unsatisfactory for their objectives.