It would seem the Philippines has been the target of a ten-year Chinese cyber espionage campaign just recently uncovered by security firm FireEye:
According to FireEye, the state-sponsored cyber espionage campaign targets Southeast Asia and India.
FireEye said APT 30’s attack tools, tactics, and procedures (TTPs) have not changed since the campaign started. It said this finding is rare since most APT actors adjust their TTPs regularly to evade detection.
“It’s highly unusual to see a threat group operate with similar infrastructure for a decade. One explanation for this is they did not have a reason to change to new infrastructure because they were not detected. This would suggest many organizations are not detecting these advanced attacks,” Issa said.
“The threat intelligence on APT 30 we are sharing will help empower organizations in the Philippines to quickly begin to detect, prevent, analyze and respond to this established threat.”
According to FireEye, APT 30 deployed customized malware for use in specific campaigns targeting Southeast Asian nations and others.
“It appears that some of the 200 samples of APT 30 malware included in the investigation targeted organizations in the Philippines,” it said.
I have no direct experience with the Philippines and their cyber capabilities, but this comes as no surprise to me. My guess is they have only rudimentary skills and are severely lacking the required expertise to identify these attack campaigns on their own, which is why firms like FireEye are assisting.
Disclaimer: I work for Intel Security, a FireEye competitor.