As China cyber threat grows, Philippines’ understaffed security team turns to hackers for help

In a November report, a Chinese group known as Stately Taurus was blamed for an attack that had compromised a Philippine government agency for five days earlier in 2023, coinciding with clashes between the two countries’ ships in the South China Sea.

Stately Taurus’s operations “align with geopolitical topics of interest to the Chinese government,” according to Palo Alto Networks, the US cybersecurity firm that produced the report.

Philippine officials say it is difficult to pin any cyberattack on one specific country. Still, online security breaches in the Southeast Asian nation are widespread.

More than 60,000 user accounts were compromised in the third quarter of last year, according to cybersecurity company Surfshark, putting the Philippines among the world’s 30 most-attacked countries. In September, state insurer Philippine Health Insurance Corp. suffered a huge data leak. Hackers defaced the website of the country’s House of Representatives just weeks later.

“Cyberattacks are a bigger threat than the firing of water cannons,” said Sherwin Ona, a cyberdefence consultant to the National Security Council and an associate professor at De La Salle University in Manila.

Philippine data leaks expose ‘infuriating’ extent of cybersecurity failures

The government’s cyber response team has 35 members. The group is so understaffed that it is sometimes forced to work with anonymous “black hat” hackers, who may have previously attacked government websites but are willing to offer tips on looming threats, said Jeffrey Ian Dy, undersecretary at the Department of Information and Communications Technology.

“Do we even have the capability, with just 30 people looking at each and every weakness? We do not,” Dy said, adding that the team would ideally number about 200. “We do our best to defend the republic.”

Shortage of funds is the primary obstacle, he said. The Philippines lacks a competitive pay scale to recruit and retain cyber talent within government agencies, according to research backed by the United States Agency for International Development.

Government agencies are not the only ones taking increasing notice of the threat. Romeo Brawner Jnr, the Philippine armed forces’ chief of staff, announced plans in October to recruit more “cyber warriors” to combat what he described as near-daily threats, including from unidentified foreign forces.

“Worldwide, cyber is really becoming a very important domain in warfare,” Brawner said at the time. “This new breed of warriors don’t necessarily have to be muscled; what we need are individuals who are intelligent and very skilful in [the] cyber domain.”

In recent months, governments around the world have warned of China’s potential digital threat.

In its latest Annual Threat Assessment, the US Office of the Director of National Intelligence said that “China probably currently represents the broadest, most active, and persistent cyber espionage threat to US Government and private-sector networks.” In May, Britain’s spy agency warned of fresh threats from China’s nation-state hackers.

Why Singapore’s new AI plan could help Asia’s cybercrime fight

“China is using Russia’s playbook and uses it against its adversaries,” he said.