Thursday , March 6 2025
logo

Hacktivists group target Philippines government ransomware attack

infosecbulletin Wednesday , May 22 2024 Cyber Attack, Ransomware

SentinelOne researchers found that the Ikaruz Red Team is targeting the Philippines government using different ransomware builders like LockBit, Vice Society, Clop, and AlphV to carry out “small-scale” attacks. They are also sharing data leaks from various organizations in the Philippines.

Source: Sentinelone

Ikaruz Red Team (IRT) has been targeting entities in the Philippines through defacements, small-scale DDoS attacks, and ransomware attacks. This has been happening between 2023 and present day (2024). Resecurity documented that there is a larger wave of hacktivist groups targeting the region. They mentioned that the tensions with China and the strategic significance of the Philippines in the Indo-Pacific make it an attractive target for those who want to cause civil disruption.

CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks

By infosecbulletin / Thursday , March 6 2025
As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited...
Read More
CVE-2025-22224 41,500+ VMware ESXi Instances Vulnerable to Attacks

Register Now
AI Engineering Hackathon: Registration Open

By infosecbulletin / Wednesday , March 5 2025
On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize "AI ENGINEERING HACKATHON". The prize...
Read More
Register Now AI Engineering Hackathon: Registration Open

Cisco alerts about a Webex flaw that exposes credentials

By infosecbulletin / Wednesday , March 5 2025
Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely....
Read More
Cisco alerts about a Webex flaw that exposes credentials

NVIDIA Issues Warning of Multiple Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025
NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw...
Read More
NVIDIA Issues Warning of Multiple Vulnerabilities

Update Now
Chrome 134 Released, Fixes 14 Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025
Google has released Chrome 134 for the stable channel on Windows, macOS, and Linux, effectively addressing 14 security vulnerabilities. Among...
Read More
Update Now Chrome 134 Released, Fixes 14 Vulnerabilities

Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

By infosecbulletin / Tuesday , March 4 2025
Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226...
Read More
Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

Singapore issues new guidelines for data center and cloud services

By infosecbulletin / Tuesday , March 4 2025
The Infocomm Media Development Authority (IMDA of Singapore unveils advisory guidelines to reduce occurrences of disruptions to cloud services and...
Read More
Singapore issues new guidelines for data center and cloud services

Update Alert!
Google Warns of Critical Android Vulns Under Attack

By infosecbulletin / Tuesday , March 4 2025
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect...
Read More
Update Alert! Google Warns of Critical Android Vulns Under Attack

CISA adds Cisco and Windows vulns as actively exploited

By infosecbulletin / Tuesday , March 4 2025
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these...
Read More
CISA adds Cisco and Windows vulns as actively exploited

10 New Vulnerabilities Discovered in MediaTek Chipsets

By infosecbulletin / Monday , March 3 2025
MediaTek has released its March 2025 Product Security Bulletin, which highlights new security vulnerabilities affecting various chipsets in smartphones, tablets,...
Read More
10 New Vulnerabilities Discovered in MediaTek Chipsets

In the past year, there has been a rise in hacktivist attacks in the Philippines. Groups like Robin Cyber Hood, Philippine Exodus (aka PHEDS), Cyber Operations Alliance, and Philippine Hacking University have claimed responsibility for ransomware attacks, misinformation campaigns, and espionage.

Source: Sentinelone

On April 8th, the National Privacy Commission (NPC) of the Philippines started investigating a breach of the Department of Science & Technology by a previously unidentified hacktivist group called #opEDSA.

Ikaruz Red Team Ransomware Activity:

Ikaruz Red Team, previously known for web defacements and nuisance attacks, is now launching small-scale ransomware attacks using leaked LockBit builders. They are distributing modified LockBit 3 ransomware and advertising data leaks from various organizations in the Philippines.

Ikaruz Red Team ransom notes are based on the LockBit template. The only change is the replacement of the LockBit ransomware name with ‘Ikaruz Red Team’ in the top line. By modifying the config.json file before creating the LockBit payloads, this change can be easily made in the ransom notes. Click here to readout the full report.

Check Also

Infostealer

HaveIBeenPwned Added 244 Million Passwords Stolen By Infostealers

A breach notification site has added millions of new passwords and email addresses obtained from …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin