Hacktivists group target Philippines government ransomware attack

SentinelOne researchers found that the Ikaruz Red Team is targeting the Philippines government using different ransomware builders like LockBit, Vice Society, Clop, and AlphV to carry out “small-scale” attacks. They are also sharing data leaks from various organizations in the Philippines.

Ikaruz Red Team (IRT) has been targeting entities in the Philippines through defacements, small-scale DDoS attacks, and ransomware attacks. This has been happening between 2023 and present day (2024). Resecurity documented that there is a larger wave of hacktivist groups targeting the region. They mentioned that the tensions with China and the strategic significance of the Philippines in the Indo-Pacific make it an attractive target for those who want to cause civil disruption.

• Cyber Attack

LockBit Claims 33 TB of US Federal Reserve Data

By infosecbulletin / Monday , June 24 2024

LockBit claimed that it breached Federal Reserve Board (Federalreserve.gov), the central banking system of the United States and exfiltrated 33...

Read More

• Cyber Attack
• Data Breach

Indonesia’s National data center compromised, $8M ransom demand

By infosecbulletin / Monday , June 24 2024

Cyber attack compromised Indonesia's national data center, causing trouble with immigration checks at airports. Attacker demanded an $8 million ransom,...

Read More

• Vulnerabilities

ESET Issues Security Patch for Privilege Escalation Flaw

By infosecbulletin / Sunday , June 23 2024

ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was...

Read More

• Hot Topic

Hacker offer zero-day RCE exploit of Atlassian Jira for Sale

By infosecbulletin / Saturday , June 22 2024

A threat offer to sell a zero-day exploit for Atlassian's Jira in a underground forum. This exploit can be used...

Read More

• International

US bans Kaspersky software over Russia ties

By infosecbulletin / Friday , June 21 2024

The US plans to ban the sale of Kaspersky antivirus software due to its alleged ties to the Kremlin. Gina...

Read More

• Hot Topic

China-linked spies target Asian Telcos since 2021

By infosecbulletin / Friday , June 21 2024

A group believed to be linked to China has hacked multiple telecom operators in an Asian country since 2021, according...

Read More

• National

Azad selected expert reviewer for CISA Review Manual 28th Edition

By infosecbulletin / Thursday , June 20 2024

Certified Information Systems Auditor (CISA) is a globally recognized professional certification for information systems audit, control, and security. It's offered...

Read More

• Cyber Attack

Attackers Target AWS Vaults, Buckets, and Secrets

By infosecbulletin / Thursday , June 20 2024

DataDog Security Labs found a worrying campaign targeting Amazon Web Services (AWS), showing a new wave of harmful activity aimed...

Read More

• International

CISA released Guidance for Modern Approaches to Network Access Security

By infosecbulletin / Wednesday , June 19 2024

CISA and the FBI released guidance, Modern Approaches to Network Access Security, with support from other organizations including New Zealand’s...

Read More

• Alert

CISA Releases One Industrial Control Systems Advisory

By infosecbulletin / Tuesday , June 18 2024

On June 18, 2024, CISA released an advisory about Industrial Control Systems (ICS). These advisories give important information about security...

Read More

In the past year, there has been a rise in hacktivist attacks in the Philippines. Groups like Robin Cyber Hood, Philippine Exodus (aka PHEDS), Cyber Operations Alliance, and Philippine Hacking University have claimed responsibility for ransomware attacks, misinformation campaigns, and espionage.

On April 8th, the National Privacy Commission (NPC) of the Philippines started investigating a breach of the Department of Science & Technology by a previously unidentified hacktivist group called #opEDSA.

Ikaruz Red Team Ransomware Activity:

Ikaruz Red Team, previously known for web defacements and nuisance attacks, is now launching small-scale ransomware attacks using leaked LockBit builders. They are distributing modified LockBit 3 ransomware and advertising data leaks from various organizations in the Philippines.

Ikaruz Red Team ransom notes are based on the LockBit template. The only change is the replacement of the LockBit ransomware name with ‘Ikaruz Red Team’ in the top line. By modifying the config.json file before creating the LockBit payloads, this change can be easily made in the ransom notes. Click here to readout the full report.