A Philippine Army soldier trains with U.S. personnel at Fort Magsaysay, Nueva Ecija, Philippines on April 5, 2022. Image: U.S. Indo-Pacific Command / Army Spc. Joshua Oller

Philippine army confirms attack on its networks

The Philippine Army has disclosed a cyberattack following reports that a local hacking group claimed to have breached its systems and accessed highly confidential documents.

Army spokesperson Col. Louie Dema-ala confirmed the incident on Wednesday, describing it as an “illegal access attempt” that was swiftly contained. He did not name the group behind the attack but stated that it had been identified, adding that no damage or data theft had been detected so far.

“The Army is currently conducting countermeasures to prevent such cybersecurity incidents in the future,” Dema-ala added.

Earlier this week, the Philippines' digital security advocacy group Deep Web Konek reported that a hacker group known as Exodus Security claimed responsibility for the attack, stating it had compromised 10,000 records belonging to active and retired service members.

The leaked information reportedly includes sensitive personal and military details, such as names, ranks, addresses, medical records, financial data and criminal histories, researchers said. Deep Web Konek added that the authenticity and exact volume of stolen data have not been verified.

In a statement, the hackers said that the army breach exposes “the complete failure of Philippine military cybersecurity,” warning that if local hackers could achieve such an infiltration, foreign state-sponsored threat actors from China, Russia, or North Korea could potentially do far worse.

Reportedly founded in 2009, Exodus Security is one of the most active hacker groups in the region, carrying out distributed denial-of-service (DDoS) attacks and leaking stolen data from targets in the Philippines and other countries.

Earlier in February, the threat actor also claimed responsibility for the attack on the Philippine Navy. The Navy's spokesperson told local media that the agency had launched an investigation into the alleged hacks and implemented additional security measures to safeguard its systems.

Philippine authorities also recently detected foreign attempts to access intelligence data. The country’s minister for information and communications, Ivan Uy, said that foreign state hackers had repeatedly attempted but failed to infiltrate government systems.

In January, authorities arrested a Chinese national and two Filipino citizens suspected of conducting surveillance on critical infrastructure, including military facilities. The same month, Bloomberg reported that Chinese state-sponsored hackers had infiltrated a Philippine government agency, stealing sensitive data as part of a multi-year cyber espionage campaign.

In a report last year, researchers noted that cyberattacks and misinformation campaigns had increased dramatically in the Philippines as geopolitical tensions escalated in the region. The report attributes much of the activity to hacktivist groups attempting to undermine confidence in government institutions. The operations appear to be domestic in origin but are likely tied to foreign entities.

Daryna Antoniuk

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.