The Department of Information and Communications Technology (DICT) on Saturday said that it had blocked cyberattacks from “within China” on the Overseas Workers Welfare Administration (Owwa), and on the mailboxes of the DICT itself, the Philippine Coast Guard (PCG) and President Marcos’ official website.
Communications and Technology Undersecretary Jeffrey Ian Dy said the attempted hacking of Owwa’s web applications about three weeks ago was made from an internet protocol (IP) address traced to a location in China, which he did not disclose.
“It was a brute force attack to take down the Owwa, but it did not succeed because we were able to attack it,” Dy said in the Saturday Forum in Quezon City. “In our investigation, we were able to trace the attacker’s command and control operating from within China.”
He said the attackers were “coming from China Unicorn,” a Chinese state-owned telecommunications company.
“I think we will need to coordinate with them so they can help us in this investigation,” he said.
Asked if the Chinese government was possibly involved in the cyberattack, Dy said: “We cannot say that. What we can say is that the threat actors were operating from within Chinese territory.”
Very sophisticated
“We will coordinate with China to help us find this group. But the point is, we don’t want to also underestimate this type of attack because it is very, very complex and sophisticated,” he said.
The agency, in cooperation with Google, also thwarted separate cyberattacks that targeted government email addresses and Google Workspaces. He did not say where the attacks came from.
Three “advanced threat groups” targeted and lurked in government mailboxes and Google Workspaces of the DICT, the PCG’s National Coast Watch and even the President’s official personal website, bongbongmarcos.com.
He said the three groups Lonely Island, Meander and Panda were suspected in these attacks.
“These are believed to be advanced threat groups that operate within the ambit of Chinese territories—that is all I can say—not necessarily government,” Dy said.
On Beijing’s radar
The PCG has been on the radar of the Chinese authorities in recent years as Beijing aggressively asserts its claims to nearly the entire South China Sea, including the West Philippine Sea, waters within the 370-kilometer exclusive economic zone of the Philippines.
Owwa is the main agency in charge of the millions of Filipinos working abroad whose billions of dollars in annual remittances provide critical economic support that helps to keep the national economy afloat.
Google informed the DICT of the attack on the Google Workspaces of the DICT and the PCG, according to Dy.
Private domains and the website of the President were targets of these attacks but these were thwarted, he said.
“In this kind of attack, they just monitor. They don’t see the contents of the emails,” he said.
“Caught early”
“But the ploy is to check the traffic flow of emails—who sent it and who received it,” the official said. “It’s like spyware, it’s surveillance. The target is really government emails and websites.”
The suspected cyberattacks by Lonely Island, Meander and Panda were “associated with certain state-backed types of cybersecurity activities,” Dy said without identifying the possible state backers.
Unlike ransomware attacks in which perpetrators announce their spoils on the Dark Web, Dy said the attacks involved investing heavily in research and development to “hide its tracks, hence it is an advanced persistent threat.”
The communications and technology undersecretary said their analysis showed that the attackers were unable to view the contents of emails.
“It’s a good thing that we were able to defend ourselves and we caught it early. I would like to surmise that if we were not able to detect it, that could be their possible target,” he said.
“Volt Typhoon”
While the Philippine official was careful not to directly attribute the cyberattacks to the Chinese government, the United States has said that it had recently successfully dismantled a China-based hacking network known as “Volt Typhoon.”
It accused the group of infiltrating critical US infrastructure networks with the goal of disabling them in the event of conflict, according to the French news agency, Agence France-Presse (AFP) in a report on Thursday.
The group—active since 2021—is allegedly primed to cripple sectors spanning communications, transportation and government.
The FBI has said that China has the biggest hacking program of any country.
Beijing has dismissed the claims as “groundless”—and pointed to the United States’ own history of cyberespionage.
Washington has warned that China represents “the broadest, most active and persistent cyberespionage threat” to its government and private sector.
Its hackers have become adept in recent years at breaking into rival nations’ digital systems to gather trade secrets, according to researchers and Western intelligence officials.
In 2021, the United States, Nato and other allies said China had employed “contract hackers” to exploit a breach in Microsoft email systems, giving state security agents access to sensitive information.
Chinese spies have also hacked the US energy department, utility companies, telecommunications firms and universities, according to US government statements and media reports.
Beijing has been linked to 90 cyberespionage campaigns since the turn of the century—30 percent more than its close partner Russia, Benjamin Jensen, senior fellow at the Center for Strategic and International Studies, told Congress last year.
Key targets
Hackers linked to the Chinese government are targeting critical US infrastructure, preparing to cause “real-world harm” to Americans, FBI Director Christopher Wray told a congressional committee on Wednesday, according to a Reuters report.
Water treatment plants, the electric grid, oil and natural gas pipelines, and transportation hubs are among the targets of state-sponsored hacking operations, he told the House of Representatives Select Committee on competition with China.
Wray spoke the same day US officials announced that they had disrupted a sweeping Chinese cyberspying operation.
“They’re not focused just on political and military targets. We can see from where they position themselves across civilian infrastructure, that low blows aren’t just a possibility in the event of conflict, low blows against civilians are part of China’s plan,” he said.
The Chinese foreign ministry did not immediately respond to a Reuters request for comment on the matter.
Wray stressed that US government concerns were not linked to Chinese Americans or Chinese nationals in the United States, who he said were themselves often targets of Beijing’s “aggression.” —WITH REPORTS FROM AFP AND REUTERS