DICT foils cyberattack vs. PCG, presidential admin emails

TACKLING CYBERSECURITY. Department of Information and Communications Technology (DICT) Undersecretary Jeff Ian Dy (center) discloses that the department has foiled a recent cyberattack that targeted various government email addresses, including that of the Philippine Coast Guard, at a media forum in Quezon City on Saturday (Feb. 3, 2024). Joining him are Professors Renato de Castro and Chester Cabalza who tackled the complexities of the new technology and how the government should address cyber threats. (PNA photo by Robert Oswald P. Alfiler)

MANILA – The Department of Information and Communications Technology (DICT) has foiled a recent cyberattack that targeted various government email addresses, including that of the Philippine Coast Guard (PCG) and the private website of President Ferdinand R. Marcos Jr.

At the Saturday News Forum, DICT Undersecretary Jeff Ian Dy said an investigation is ongoing but the threat had been “mitigated” after receiving an official report two weeks ago.

Dy said the DICT and Google believe at least three “advanced threat groups” were behind the attack, which he said could also be classified as “cyber espionage” as the motivation was to “gather information.”

“Itong klase ng ganitong atake, ang ginagawa lang po nito ay magmanman. Hindi naman po niya nakita iyong ating mga emails, nadepensahan naman natin although iniimbestigahan pa rin natin ngayon (In this kind of attack, all they do is observe. They were not able to see the emails because we were able to defend it but we are still conducting a probe),” he said.

“Actually ang ginagawa niya, kapag nakita niya na iyong gov.ph, nandudoon lang siya, hindi niya pinakikialaman. So, ang target po talaga niya ay government emails and websites (What they do is once they see gov.ph, they just stay put, they do not meddle with it. So, their targets really were the government emails and websites).”

Dy said the target were government Google Workspaces, specifically the domain administrators of the Cabinet Secretary, the Department of Justice, the Congressional Policy and Budget Research Department of the Congress, the National Coast Watch System, and the DICT.

The hacking attempt, he said, was first reported by Google two weeks ago.

Also last month, the DICT was able to thwart the attempted hacking of the Overseas Workers Welfare Administration’s (OWWA) web applications.

Dy said this attack happened about three weeks ago and had a different perpetrator whom the DICT traced to be operating in China.

“We were able to detect that the attackers were coming from China Unicom. So, I think we will need to coordinate with them so that they can help us in this investigation,” he said.

China Unicom is a Chinese state-owned telecommunications operator.

Dy, however, clarified that the DICT is not accusing China of involvement, only that it found out that the “threat actors were operating from within Chinese territory.”