The Department of Science and Technology was also among the government agencies hacked. PHOTO BY DOST.GOV.PH

MANILA, Philippines – Hackers believed to be operating in the country illegally gained access to the Department of Science and Technology (DOST) network, compromising 2 terabytes of data, including research plans, projects and schemes, the Department of Information and Communications Technology (DICT) confirmed on Wednesday.

Assistant Secretary for Information and Communications Technology Renato Paraiso, in an interview with the Inquirer, said the DOST was “prevented” from recovering the documents following the hacking incident.

“When you say blocked, you don't have access to that data. If you are the custodian, you can check out various files and documentation. Right now, they can’t,” he explained.

Paraiso added that DOST administrators and IT staff were unable to log into the system “because their logins were also compromised.”

This latest hacking incident involving a government agency delays the approval of pending patents and other research and development initiatives of the DOST, the DICT official said.

Local threat actors

The DICT's National Computer Emergency Response Team (NCERT) was sent to investigate the matter and initial findings confirmed that local threat actors were involved in the hacking incident, which meant that the cyber attack originated in the country.

“We have a good idea of what happened,” Paraiso said. However, he noted that they could not release further details at this time due to the ongoing investigation.

Asked when the DOST will fully regain control of its network, he said: “It really depends on the extent of the damage. We’re still trying to figure it out.”

For now, the NCERT has isolated systems and devices that could have been affected by the cyber attack and also inspected the Wi-Fi network as a cybersecurity measure.

“We are doing a very thorough investigation,” Paraiso promised.

Science and Technology Secretary Renato Solidum Jr. said on Wednesday that “immediate action” has already been taken to resolve the hacking incident on one of its infrastructures, the second time the agency has been attacked by cybercriminals.

Solidum acknowledged reports of hacking into one of the DOST's IT infrastructures – or the combined components such as computers, network and data platform required to run an agency's operations – saying such an incident would raise concerns among stakeholders and the public.

“[W]e want to assure you that we are treating this matter with… the utmost seriousness,” he said in a statement. “Our technical teams are working diligently to resolve any vulnerabilities and strengthen our cyber defenses.”

Recovery plan started

In August last year, the National Privacy Commission reported that the email addresses of around 1,000 experts and clients registered on the DOST's OneExpert portal had been leaked.

The DOST was among three government agencies that suffered a ransomware attack at the time, along with the Philippine National Police and state-run health insurer Philippine Health Insurance Corp.

For this specific incident, Solidum did not say what type of hacking occurred at DOST, but assured the public that the agency was already conducting a “comprehensive settlement” on the damage caused by the attack.

“The recovery plan has begun and the ongoing effort to roll back systems will continue as we finalize the impact assessment of the incident,” Solidum said.

A cyber defense group called “Deep Web Konek” posted on its Facebook page that several DOST websites were defaced by a “threat actor” known as “ph1ns”.

According to the group, the cyber attack was part of the threat actor's operation called “#OpEDSA”.

Sites still offline

“The hacker, operating under the banner #OpEDSA, executed a meticulously planned infiltration, gaining access to critical network components including hypervisors, NAS (Network Attached Storage) devices, routers, and ultimately securing domain administrator privileges,” the group said.

Among the affected DOST sites were the technical support site, the S&T Foundation Unit, the Health Technology Assessment Division, and three of its archive sites.

As of press time, these DOST websites are still not accessible.

The hacker also defaced the DOST websites, leaving a message that the website was “seized by the Filipino people!” “Political dynasties and their oligarch (sic) allies do not represent the interests of 99% of the Filipino people,” read the hacker’s defacement, signed “#opEDSA.”

High cost of hacking

Although the DICT has not yet completed its investigation, Paraiso explained that hackers could gain remote, or online, access to an entity's network.

One example is the release of malicious software – or malware for short – designed to disrupt servers or computer networks, he noted.

Meanwhile, other hackers target the personal devices of employees or members of an organization.

A common scheme involves hackers sending emails with suspicious links to business emails of company employees. These links lead to fake websites and trick them into providing private corporate information. The illegally obtained data can then be used by hackers to enter the system.

Paraiso explained that the motivation of hackers may be different, but some were financially motivated, referring to those who launched ransomware attacks. In this digital attack, hackers hold a system or data hostage until a ransom is paid.

Organizations in the Philippines typically spend about P55 million or $1 million to resolve a single data breach and pay ransom to regain access to the system, according to an estimate from cybersecurity firm Fortinet.

Two-fold increase

About 56 percent of organizations surveyed in the Philippines said they saw a twofold increase in ransomware attacks last year compared to 2022, Fortinet said, noting that more digital threats of the same type are expected to cause problems for companies this year.

Ian Felipe, country manager at enterprise technology firm Trend Micro Philippines, previously said government agencies were the usual targets of cyberattacks given the significant amount of sensitive information they handle.

Meanwhile, cybersecurity group Deep Web Konek said on Wednesday that there was a “reportedly massive leak of 152 GB (gigabyte) of Philippine citizen ID card, which was likely to the Philippine Statistics Authority,” adding that it was “working on the veracity of the leak”.

Paraiso said this cyber attack has not yet been confirmed.