Digital Security Firm: Government Institutions Are Among the Targets of an Advanced Persistent Threat Campaign
12 August 2021
The Philippines is being targeted by the LuminousMoth advanced persistent threat (APT) campaign, which is ascribed to the Chinese-speaking threat organization HoneyMyte. Kaspersky, major cybersecurity and digital privacy firm, found 100 victims in Myanmar and 1,400 in the Philippines, including some government institutions.
Based on known reports concerning this kind of attack, specifically the advanced persistent attack (“APT”) connected to this group identified as LuminousMoth, this was discovered to have started in late 2020 (around October 2020).
"Unlike any form of cyber-threats we know of, APT such as this one does the attack on a very systematic manner which can persist over long periods of time," says John Paul M. Gaba, Partner, Angara Abello Concepcion Regala & Cruz Law Offices (ACCRALAW). "This involves generally a series of activities which for most of us seem to be very normal, routinary, or “innocent” and we normally take for granted – such as opening links or files from emails coming from “suspicious” or “pretentious” senders or even our frequent use of USB removable devices, among others. Based on recent findings, the LuminousMoth group deploy this APT in Southeast Asia, mainly in Myanmar and in the Philippines, with our country appearing to be experiencing the most incidence (more than 10 times that occurred in Myanmar). For reasons not really fully known, these kinds of cyber-attacks are generally launched for purposes of gain (whether financial or otherwise) and of securing access to records and data. The incidence of this APT in the Philippines appears to victimize government entities per known reports, presumably because the government is generally the biggest repository of information and records."
In view of the sophistication of this kind of cyber-threat operation, it is important that “attacked” entities must immediately respond to the situation and to the extent possible minimize any further harm/damage.
"It is without saying that such entities must conduct all the relevant investigations, comply with all reporting requirements with the regulatory agencies in case such obligation is legally mandated in the relevant jurisdiction (especially in countries with robust privacy law regimes), and implement security measures not only to advert further damage but to prevent similar attacks from happening in the future," says Gaba.
For protection from such cyber-attacks, Gaba says that apart from deploying all tools that will protect one’s digital environment, it is essential that relevant users be engaged and informed how they can help.
"It is important that every individual who has cyber-presence (which would include use of e-mails or any social media platforms) to always observe cyber-hygiene practices – not to open “suspicious” e-mails and e-mails coming from unknown senders, avoiding downloading files and links that come from unknown sources, minimizing the use of portable storage devices, among others," he says. "For entities, it goes without saying that apart from the deployment of appropriate technological protection tools, that they establish and implement clear-cut protocols and guidance on the use of their various IT assets, which include outlining users’ duties and responsibilities and providing an effective incident reporting and management procedure."
Excel V. Dyquiangco
