Cyber Attack on Maritime Industry Authority (MARINA) Exposes Critical Maritime Vessel Information


Manila, Philippines — A cyber attack was reported earlier today: the Maritime Industry Authority (MARINA) is the latest agency to be attacked by Ph1ns. This individual, also implicated in recent attacks on government entities including the Department of Science and Technology (DOST) and the Philippine National Police (PNP), successfully breached MARINA’s critical systems. These include the Authority to Accept Payment (ATAP), the Accomplishment Report Management System (ARMS), the Integrated Domestic Shipping Information System (IDSIS), and the SRB/SID Expedite Application System.

The Maritime Industry Authority (MARINA) is a government agency responsible for integrating the development, promotion, and regulation of the maritime industry in the country. Established by Presidential Decree No. 474 in 1974, it functions under the Department of Transportation (DOTr).

MARINA oversees various aspects of maritime operations, including the accreditation of domestic shipping operators, the implementation of maritime safety regulations, and the enhancement of the Philippine merchant fleet. It also provides financial and technological assistance to maritime enterprises and promotes the development of a skilled maritime workforce.

Ph1ns claimed responsibility, saying he has access to approximately 91 gigabytes of data from MARINA’s servers and has exfiltrated about 20 gigabytes, including operational and administrative information vital to maritime operations. The compromised data encompasses detailed information such as principal names, company details, ship specifications (including official numbers and tonnage), and other critical maritime records stored in MARINA’s database.

An initial assessment of the data breach by Deep Web Konek found that the data contains a comprehensive set of fields documenting essential information related to maritime vessels. These include specific identifiers such as the principal’s name, company name, and business address associated with the vessel. Additionally, details such as the ship’s name, official registration number, and International Maritime Organization number are included for precise identification purposes. Historical data such as former ship names and previous owners are also captured, along with technical specifications like ship type, builder, place of construction, and year built.

Physical dimensions such as length, breadth, and depth, alongside tonnage metrics, provide further insight into the ship’s capabilities. Details concerning modifications, including who modified the ship, where, and when, are also logged.

Various classification identifiers, operational specifics, and registration particulars such as call sign, nationality, and homeport are meticulously recorded to ensure compliance and operational transparency within the maritime sector.

Initial Intrusion and Data Compromise

In this breach, Ph1ns targeted MARINA’s digital infrastructure, exploiting vulnerabilities to gain unauthorized access and revealing potential security gaps within the agency’s systems. The attack began with reconnaissance, during which hackers identified and exploited vulnerabilities within MARINA’s subdomains, pinpointing crucial entry points such as seafarers-covac.marina.gov.ph and srbsidexpedite.marina.gov.ph.

Ph1ns utilized sophisticated techniques to bypass security measures, gaining access to MARINA’s databases housing sensitive information crucial for maritime operations. This included detailed ship classifications, modifications, and ownership histories.

Techniques Used in Breach

Upon identifying the vulnerable subdomain srbsidexpedite.marina.gov.ph, which operated on a Windows server running PHP, hackers proceeded to exploit known vulnerabilities. Techniques such as “fuzzing” were employed to systematically test for accessible files and directories. Notable discoveries included critical files and directories.
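From the defender's side, the file and directory fuzzing described above shows up in web server logs as one client collecting many distinct "not found" or "forbidden" responses in a short time. The following is an added example, not part of the original report: a small Python detector over constructed log lines. The log format (Common Log Format), the thresholds and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Common Log Format (documentation-range IPs, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [16/Jun/2024:02:10:01 +0800] "GET /admin/ HTTP/1.1" 404 512
198.51.100.7 - - [16/Jun/2024:02:10:02 +0800] "GET /backup/ HTTP/1.1" 404 512
198.51.100.7 - - [16/Jun/2024:02:10:03 +0800] "GET /old/ HTTP/1.1" 404 512
198.51.100.7 - - [16/Jun/2024:02:10:04 +0800] "GET /test.php HTTP/1.1" 404 512
198.51.100.7 - - [16/Jun/2024:02:10:05 +0800] "GET /index.php HTTP/1.1" 200 4096
198.51.100.7 - - [16/Jun/2024:02:10:06 +0800] "GET /tmp/ HTTP/1.1" 403 512
198.51.100.7 - - [16/Jun/2024:02:10:07 +0800] "GET /config.bak HTTP/1.1" 404 512
203.0.113.20 - - [16/Jun/2024:02:11:40 +0800] "GET /favicon.ico HTTP/1.1" 404 512
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

def parse(line):
    """Return (ip, timestamp, path, status) or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_fuzzing_clients(lines, window=timedelta(seconds=60), min_distinct=5):
    """Map client IP -> most distinct 403/404 paths seen inside one window."""
    misses = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec[3] in (403, 404):
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({path for _, path in events[start:end + 1]})
            if distinct >= min_distinct:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_fuzzing_clients(SAMPLE_LOG.splitlines()))
```

Counting distinct paths rather than raw requests keeps a client that retries one missing resource, such as a favicon, from being flagged.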

The breach also involved the manipulation of file upload mechanisms to bypass security restrictions, allowing the execution of malicious code under the guise of innocuous file types like images. This exploit demonstrated a severe flaw in MARINA’s server security.
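The checks an upload handler needs in order to resist a script disguised as an image can be sketched as follows. This is an added example, not code from MARINA's systems or from the original report, written in Python as a stand-in for the server-side handler; the function name, allow-list and sample inputs are assumptions.

```python
import secrets

# Allowed image types: final extension -> required leading magic bytes.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}
# Extensions that must not appear anywhere in the client-supplied name.
EXECUTABLE_PARTS = {"php", "php5", "phtml", "phar", "asp", "aspx", "cgi", "exe"}
# Heuristic only; re-encoding the image with an image library is stronger.
SCRIPT_MARKERS = (b"<?php",)

def validate_upload(filename, data):
    """Return (ok, reason, stored_name) for an uploaded image."""
    # Keep only the base name; trailing dots and spaces are dropped because
    # Windows filesystems ignore them.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().rstrip(". ").split(".")
    if len(parts) < 2:
        return False, "no extension", None
    ext = parts[-1]
    if ext not in MAGIC:
        return False, "extension not allowed", None
    if any(p in EXECUTABLE_PARTS for p in parts[1:-1]):
        return False, "executable extension in name", None
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension", None
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        return False, "script marker in content", None
    # Never reuse the client's name: store under a random server-chosen one.
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"

if __name__ == "__main__":
    # Constructed inputs: a minimal PNG header, then a name with two extensions.
    print(validate_upload("ship.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(validate_upload("ship.php.jpg", b"\xff\xd8\xff" + b"\x00" * 16))
```

Validation of this kind should be paired with storing uploads in a location the web server serves as static files only, so that a file that slips through is never handed to the PHP interpreter.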

The breach extended beyond initial exploitation as Ph1ns leveraged access to the compromised server to escalate privileges, gaining administrative control. This facilitated the extraction of sensitive database information and the installation of additional tools for remote access and reconnaissance. Activities included reconnaissance on network configurations and infrastructure details like network interfaces and ARP tables.

This incident underscores the vulnerability of government agencies to sophisticated cyber threats. MARINA’s compromised systems highlight the urgent need for robust cybersecurity measures and constant vigilance against evolving tactics employed by malicious actors. Immediate steps are essential to mitigate the breach, reinforce security protocols, and restore public trust in MARINA’s data security.


Source: https://kukublanph.data.blog/2024/06/16/cyber-attack-on-maritime-industry-authority-marina-exposes-critical-maritime-vessel-information/