Sensitive information from the Office of the President (OPS) under Ferdinand “Bongbong” Marcos Jr. was allegedly accessed by Chinese state-sponsored hackers in a campaign spanning several years, according to a Bloomberg report.
The report, citing sources familiar with the matter, revealed that military documents tied to the Philippines-China territorial dispute over the West Philippine Sea were among the stolen data. The hacking group, identified as APT41, reportedly targeted the OPS as part of a broader espionage campaign that also breached other government offices, hospital networks, and organizations from early 2023 to mid-2024.
Cybersecurity experts who discovered the breach informed Philippine authorities about it in 2023 and again in August 2024. In May, the OPS reportedly reached out to one of these experts for more details regarding the cyberattack.
During a press briefing, Department of Information and Communications Technology (DICT) Secretary Ivan Uy stated that while attempts to hack government systems are common, sensitive data was not compromised. Uy emphasized that the government has mechanisms in place to detect and deter such attacks.
“In many instances, we detect the attacks early and secure our databases and systems, preventing any major breaches,” Uy said, adding that only public-facing platforms with minimal security, like help desks, are more vulnerable to intrusion.
The Armed Forces of the Philippines (AFP) echoed similar sentiments, highlighting the daily occurrence of cyberattacks. AFP spokesperson Colonel Francel Margareth Padilla assured the public that intrusion detection and prevention systems are active to safeguard critical information.
The DICT reported in November that its National Security Operations Center monitors approximately 2.1 million cyber threats daily, with government institutions being the primary targets, followed by academia, telecommunications, and banking or healthcare sectors.
Authorities stressed that ongoing coordination and enhanced cyber defenses are vital in addressing the persistent threat of cyberattacks.
