cyware: Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Summary: The content discusses the increase in malicious cyber activity targeting the Philippines, particularly involving hacktivist groups and foreign misinformation campaigns, amidst rising tensions with China in the South China Sea.

Threat Actor: Mustang Panda
Victim: Philippines

Key Points:

  • Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines, increasing nearly 325% compared to the same period last year.
  • The cyberattacks involve hacktivist groups and foreign misinformation campaigns, with threat actors leveraging ideological motivations and nation-state-sponsored propaganda.
  • China-linked threat group Mustang Panda has been observed staging sophisticated information warfare campaigns in the Philippines.
  • Other threat groups involved in the cyber activity include Philippine Exodus Security (PHEDS), Cyber Operation Alliance (COA), Robin Cyber Hood (RCH), and DeathNote Hackers (Philippines).
  • The activity is seen as pre-staging for broader malicious cyber activity in the region, including cyber espionage and targeted attacks against government agencies and critical infrastructure.

Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024, increasing nearly 325% compared to the same period last year. The number of cyberattacks involving hacktivist groups and foreign misinformation campaigns has nearly tripled. In Q2 2024, this growth trajectory continues, with Resecurity observing multiple cyberattacks staged by previously unknown threat actors. These attacks are characterized by the intersection of ideological “hacktivist” motivations and nation-state-sponsored propaganda.

One prolific example of this dynamic is the China-linked Mustang Panda group, which Resecurity observed using cyberspace to stage sophisticated information warfare campaigns. There is a thin line between cybercriminal activity (supported by the state) and nation-state actors engaging in malicious cyber activity. Leveraging hacktivist-related monikers allows threat actors to avoid attribution while creating the perception of homegrown social conflict online. This tactic is often combined with false-flag attacks originating under publicly known threat-actor profiles to keep a distance from the real intellectual authors of these malign campaigns.

According to experts, the underground scene is represented by the following threat groups, which are accelerating their activity: Philippine Exodus Security (PHEDS), Cyber Operation Alliance (COA), Robin Cyber Hood (RCH), and DeathNote Hackers (Philippines), as well as independent actors and mercenaries recruited to conduct targeted attacks. Notably, some of these groups were also spotted collaborating with Arab Anonymous and Sylnet Gang-SG.

Resecurity interprets this activity as pre-staging for broader malicious activity by foreign cyber-threat actors in the region, including cyber espionage and targeted attacks against government agencies and critical infrastructure. Multiple government resources, such as the Department of Interior and Local Government, Bureau of Plant Industry, Philippine National Police, and Bureau of Customs, have been targeted.

The full report is available here: https://www.resecurity.com/blog/article/misinformation-and-hacktivist-campaigns-target-the-philippines-amidst-rising-tensions-with-china

Pierluigi Paganini


(SecurityAffairs – misinformation, The Philippines)



Source: https://securityaffairs.com/161909/intelligence/misinformation-targeting-the-philippines.html

