Chinese hackers allegedly breach Philippine government systems

Chinese hackers linked to the state-sponsored group APT41 reportedly breached the Office of the President (OPS) under Ferdinand “Bongbong” Marcos Jr., according to Bloomberg. The cyber espionage campaign allegedly stole sensitive information, including military documents concerning the Philippines’ territorial dispute with China over the West Philippine Sea.

The report claims the hacking campaign targeted multiple government offices, hospital networks, and other organisations between early 2023 and June 2024. Experts had warned Philippine officials about the breach twice — first in 2023 and again in August 2024. In May 2024, the OPS reportedly reached out to one of the cybersecurity experts to seek additional details about the breach.

 

Government officials have since downplayed the impact of the attack from the alleged Chinese hackers, stating that no critical data was lost.

 

Department of Information and Communications Technology (DICT) Secretary Ivan Uy assured the public that hacking attempts on government systems are detected early. He added that public-facing platforms such as help desks are more vulnerable to attacks due to having lower security measures to allow public access.

Uy insisted that while there are ongoing attempts to hack government databases, there is no evidence that any recent sensitive information has been compromised. He suggested that much of the data being circulated by attackers consists of old information, recycled to create the impression of a successful breach. Uy stated that the government continues to strengthen its cybersecurity defences.

The Armed Forces of the Philippines (AFP) verified that cyberattacks on government systems are frequent. AFP spokesperson Colonel Francel Margareth Padilla said such attacks occur daily, but government agencies have systems in place to detect and prevent them. She noted that intrusion detection and prevention systems are continuously improved through collaboration with other agencies and ongoing training.

The DICT revealed that its National Security Operations Centre monitors approximately 2.1 million cyber threats each day. Government institutions account for around half of the targeted incidents, followed by the academic sector, telecommunications industry, and banking and healthcare sectors.

China has denied involvement in the attack. Chinese Ambassador to the Philippines Huang Xilian rejected the allegations, stating that China opposes hacking activities and enforces strict cybersecurity laws. He accused other nations of using cybersecurity issues to stir tensions in the region and pursue geopolitical interests.

Despite government reassurances, the incident highlights ongoing challenges in protecting government networks against sophisticated cyber threats, particularly from state-sponsored actors. The breach underscores the need for stronger cybersecurity measures to safeguard national security.