Cyber Attacks Linked to Protests Hit LGUs and National Agencies
Deep Web Konek (DWK) has documented at least 50 cyberattacks between September 20 to 23 as of this writing, coinciding with nationwide protests calling for accountability and transparency in government agencies. The incidents included widespread defacements of local government websites, coordinated distributed denial-of-service (DDoS) attacks on national portals, and an alleged data breach targeting the Department of Information and Communications Technology’s (DICT) eGov PH platform.
We reported that more than 30 government websites were defaced during the protest period. The attacks hit multiple LGUs in Zamboanga del Sur, Zamboanga Sibugay, and Laguna, as well as education and infrastructure offices such as DepEd Region IX, DepEd Pagadian, and the Department of Public Works and Highways. Other affected entities included the Kalayaan Water District and the BJMP ORAJ system. Some of the defacements remained online for several hours before restoration.
Notable defacement incidents included:
• DPWH
• DepEd Region IX and DepEd Pagadian
• BJMP ORAJ system
• Tarlac City
• Multiple Laguna LGUs including Santa Maria, Cavinti, and Sta. Cruz
• Sangguniang Panlalawigan of Zamboanga del Sur and Sibugay and many others.
DWK also received reports of sustained DDoS attacks, some lasting more than an hour, against several national websites. The affected domains included the Office of the President, the government’s DNS registry, the Commission on Higher Education (CHED), the Board of Investments (BOI), the DICT’s Free Public Wi-Fi project, the Freedom of Information (FOI) portal, the Department of Agriculture (DA), the Department of Social Welfare and Development (DSWD), and the Bureau of Customs (BOC). These attacks caused temporary disruptions, though most services were restored following mitigation efforts.
Notable DDoS targets included:
• Office of the President
• DNS Registry (dns.gov.ph)
• CHED
• DSWD
• Bureau of Customs and many others.
An alleged data breach also surfaced during the same period involving the eGov PH platform of the DICT. Claims circulating on an underground forum suggest that more than 30,000 complainant records were exposed from the system’s E-Complainant Portal. Screenshots posted online appeared to show a database of citizen-submitted reports, including complaint messages, case details, and status updates. Some personal identifiers were visible in the samples shared by the threat actor, though the authenticity and full scope of the breach remain unverified.
The actor, using the alias “Dedsec_Manila,” claimed responsibility for the incident and alleged that the breach was carried out through the eGov API.
The team emphasized that the wave of cyber incidents was closely tied to the series of street demonstrations over the past week. Hacktivists appear to have used the protest movement as a backdrop for their digital offensive, aiming to amplify their message by targeting both local and national government institutions.
