InfoSecBulletin Cybersecurity for mankind
SentinelOne researchers found that the Ikaruz Red Team is targeting the Philippines government using different ransomware builders like LockBit, Vice Society, Clop, and AlphV to carry out “small-scale” attacks. They are also sharing data leaks from various organizations in the Philippines.
Ikaruz Red Team (IRT) has been targeting entities in the Philippines through defacements, small-scale DDoS attacks, and ransomware attacks. This has been happening between 2023 and present day (2024). Resecurity documented that there is a larger wave of hacktivist groups targeting the region. They mentioned that the tensions with China and the strategic significance of the Philippines in the Indo-Pacific make it an attractive target for those who want to cause civil disruption.
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
In the past year, there has been a rise in hacktivist attacks in the Philippines. Groups like Robin Cyber Hood, Philippine Exodus (aka PHEDS), Cyber Operations Alliance, and Philippine Hacking University have claimed responsibility for ransomware attacks, misinformation campaigns, and espionage.
On April 8th, the National Privacy Commission (NPC) of the Philippines started investigating a breach of the Department of Science & Technology by a previously unidentified hacktivist group called #opEDSA.
Ikaruz Red Team Ransomware Activity:
Ikaruz Red Team, previously known for web defacements and nuisance attacks, is now launching small-scale ransomware attacks using leaked LockBit builders. They are distributing modified LockBit 3 ransomware and advertising data leaks from various organizations in the Philippines.
Ikaruz Red Team ransom notes are based on the LockBit template. The only change is the replacement of the LockBit ransomware name with ‘Ikaruz Red Team’ in the top line. By modifying the config.json file before creating the LockBit payloads, this change can be easily made in the ransom notes. Click here to readout the full report.
