Investigation links DDoS attack on Filipino media outlets to government agencies
A Swedish digital rights nonprofit said on Thursday that it has observed a targeted campaign of distributed denial-of-service (DDoS) attacks against Filipino media outlets and a human rights group that appear to be linked to the country’s Department of Science and Technology (DOST) and Army.
Qurium Media Foundation “has received brief but frequent denial of service attacks against the Philippine alternative media outlets Bulatlat and Altermidya, as well as the human rights group Karapatan during May and June 2021,” the organization said in a report.
The most recent attack observed by the group occurred the night of June 22 and lasted several hours, when attackers flooded Bulatlat’s and Altermidya’s websites with junk traffic to make them unreachable. In earlier attacks, Qurium observed a machine from the DOST launching a vulnerability scan on Bulatlat with what appeared to be Xerosecurity’s Sn1per tool, an automated scanner that can be used by penetration testers to map out an organization’s attack surface. In this case, the tool was more likely being used by attackers examining the progress of their efforts, the organization said.
A forensic investigation carried out by Qurium found several links between the machine used to conduct the vulnerability scan and Filipino government organizations, including the Army’s Office of the Assistant Chief of Staff for Intelligence.
Although the DOST initially denied its involvement in the attack, the organization’s Undersecretary for Research and Development Rowena Guevara told local media that it “assist[s] other government agencies by allowing the use of some of its IP addresses in the local networks of other government agencies.” Guevara stopped short of naming the specific agency, saying it was the subject of a government investigation.
On Thursday, media outlet ABS-CBN reported that one lawmaker has introduced a resolution in the country’s House of Representatives to investigate “state-sanctioned” cyberattacks against media entities.
"I think it is pretty obvious that these cyberattacks are really state-sanctioned, and that the regime has a policy of attacking critical media,” Rep. Ferdinand Gaite said. “I don't think that their denial would be acceptable at this point.”
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.