OPINION

Full-blown virtual war (1)

Chito Lozada

Online security breaches have intensified this year as hackers, backed by state support and thus provided with almost inexhaustible resources, have grown brazen while acquiring greater sophistication.

Business news outfit Bloomberg reported on Wednesday that Chinese state-sponsored hackers penetrated the executive branch and stole sensitive data, quoting three government sources.

Cybersecurity experts revealed an infiltration of the executive branch and reported it to officials in 2023, and the same breach was flagged again in August of last year.

According to the report, the President’s office was among those targeted.

Government agencies have been subjected to constant threats but many such attempts were thwarted, according to local security officials.

Information and Communications Technology Secretary Ivan John Uy indirectly confirmed the attack on the President’s office, saying, “there are always attempts” to hack the President’s office but authorities manage to detect them and secure the database.

“What we have seen so far are old data from many years ago that are being regurgitated or recycled just to make an impression that they were successful in doing so,” Uy said.

While the Department of Information and Communications Technology (DICT) confirmed the persistent and consistent attempts to infiltrate the President’s office, it said these were not successful and no data was stolen.

The stolen “regurgitated” data included military documents, some of which were related to the China-Philippines ongoing territorial dispute over the South China Sea.

The attack on the President’s office was part of a broader espionage campaign that compromised multiple Philippine agencies and other organizations within the Philippines, including hospital networks.

Most of the attacks, as well as the data theft, took place from early 2023 to June 2024, and the attackers used tactics often associated with a prolific Chinese state-affiliated hacking group known as APT41.

International cybersecurity firm Sophos, which has been tracking the breaches on Southeast Asian governments, exposed in its Pacific Rim report that China was the usual source of cyberattacks in the region.

Sophos conducted a five-year investigation that chronicled intense digital skirmishes with multiple interlinked nation-state adversaries based in China, targeting critical infrastructure and government entities across South and Southeast Asia.

From nuclear energy suppliers to national capitals, the report exposed a sprawling campaign marked by stealth, persistence and sophisticated tactics.

“After the initial attacks were thwarted, the adversaries escalated their efforts and brought in more experienced operators. We uncovered a vast adversarial ecosystem,” Sophos indicated in the report.

The attackers utilized novel exploits, customized malware, and overlapping tactics with notorious groups like Volt Typhoon, APT31, and APT41.

APT31 was named in the Bloomberg report as the most persistent hacker.

Their targets included military hospitals, airports, state security apparatus and central government ministries — revealing a chilling focus on undermining societal pillars.

Sophos X-Ops, the company’s threat intelligence unit, armed with advanced detection and response techniques, neutralized attacks while simultaneously gathering vital threat intelligence to preempt future operations.

What the report highlighted was the importance of cooperation between private companies, governments and law enforcement in responding to hacking incidents.

Sophos said it worked closely with organizations like the Cybersecurity and Infrastructure Security Agency and NCSC-NL to share intelligence and disrupt adversarial operations.

Sophos’ Pacific Rim report provides invaluable insights into the evolving tactics of Chinese nation-state actors. Collaborative efforts like this are essential to defending global critical infrastructure, a company official indicated.

(To be continued)