Philippines and APAC
19 reports
LucidRook Malware Campaign Targets Taiwan NGOs and Universities
The LucidRook campaign targets Taiwan-based organizations using sophisticated spear-phishing and geofencing. Attackers bypass security controls with password-protected archives to deploy malware via malicious shortcuts. This cluster focuses on stealing sensitive data through social engineering.
Human-Centric Cyber Threats on the Rise
Cybercrime in Southeast Asia is shifting toward organized, cross-border networks. In the Philippines, syndicates exploit government trust through social engineering and banking trojans. This human-centric approach combines manipulation with malware to facilitate unauthorized fund transfers.
APT41-Linked Group Targets Government Sector Across Southeast Asia
The Chinese-linked threat actor Silver Dragon, part of the APT41 umbrella, is conducting a sophisticated espionage campaign across Southeast Asia. By utilizing techniques like DLL side-loading, the group targets government entities and critical infrastructure to harvest long-term intelligence.
Philippine Government Intensifies Efforts to Disrupt Illegal Gambling Sites and Regional Scam Networks
The Philippine CICC is intensifying its crackdown on illegal gambling, though an automated system glitch recently disrupted legitimate platforms. Concurrently, Meta removed 150,000 scam-linked accounts in Southeast Asia, signaling a rigorous regional effort to combat cyber fraud.
Professional Regulation Commission Allegedly Suffers from 9GB Data Leak
The Professional Regulation Commission reportedly suffered a massive data leak involving 9 gigabytes of sensitive licensing documents and personal information. Allegedly executed by the threat actor FEMBOYSEC, the breach underscores critical cybersecurity gaps in the government’s digital shift.
Philippine Agencies Expand Digital Oversight: Impact on Social Media and Finance
The DICT retracted its Telegram ban following a cooperation agreement on illegal content monitoring. Simultaneously, the BSP proposed annual cybersecurity self-assessments for financial firms, while authorities intensified crackdowns on illegal lending apps to combat data privacy abuse.
US FBI Intensifies Crackdown Against Southeast Asian Scam Hubs
The FBI partnered with Southeast Asian law enforcement to dismantle industrialized scam compounds linked to organized crime. These hubs utilize forced labor for global "pig butchering" schemes. The joint effort focuses on seizing assets and disrupting transnational cyber fraud networks.
Global Ransomware Attacks Surge 50 Percent in 2025, but Victim Payments Drop to 28 Percent
Global ransomware attacks surged by 50 percent in 2025, but total payments fell as victim payment rates dropped to a record-low 28 percent. Organizations are increasingly refusing to pay, shifting the threat landscape toward data extortion and targeting vulnerable small-to-medium enterprises.
Chinese-Linked APT Group Targets Major Singapore Telcos
The China-linked threat actor UNC3886 targeted Singapore’s major telecommunications providers in a sophisticated espionage campaign. By exploiting zero-day vulnerabilities in edge devices, the group harvested network configurations, posing systemic supply-chain risks for the region.
SEC Flags Unregistered Online Lending Apps
Philippines Strengthens Defense Against Financial and AI-Driven Scams
The PNP-ACG and BPI formalized a partnership to combat sophisticated financial crimes through real-time fraud monitoring and intelligence sharing. Concurrently, the CICC warned of deepfake AI being used in romance scams to impersonate individuals and bypass traditional fraud detection methods.
Multiple Ransomware Groups Target Banking, Hospitality, and Tech Sectors
Multiple ransomware groups, including Qilin and Tengu, have claimed attacks on several Philippine firms, such as PSBank and Lenotech. While LM Metro Hotel confirmed a 30GB data breach, other claims remain unverified by authorities, highlighting a surge in local targeting.
SCAM ALERT: Fake Traffic Violation Text Messages
Authorities are warning of a text scam impersonating government agencies like the MMDA and LTO, claiming recipients have unpaid traffic violations. These messages use pressure tactics and malicious links to redirect victims to fake payment portals to steal banking credentials and personal data.
HoneyMyte’s Persistent Threat to Government Networks across Southeast Asia
HoneyMyte has intensified espionage in Southeast Asia, targeting government networks via DLL side-loading. The group bypasses security controls to harvest credentials and monitor activity. With 1,400 past victims in the Philippines, their persistence poses a major risk to national critical infrastructure.
Canada, AFP Conduct Joint Cybersecurity Training
The Canadian and Philippine militaries completed a five-day cyber operations course to bolster the AFP’s ability to defend critical infrastructure. Focused on detection and legal alignment, the training strengthens bilateral defense ties and regional resilience against rising cyber threats.
Philippines Lifts Grok AI Ban After Talks with xAI
The CICC lifted the ban on X’s Grok AI after xAI committed to removing deepfake and content manipulation features. The swift reversal followed similar restrictions in Malaysia and Indonesia, highlighting regional efforts to force AI developers to comply with local safety standards.
DICT to Launch “Oplan Bantay Padala” Monitoring Portal
The DICT is launching “Oplan Bantay Padala,” a centralized portal for filing complaints against courier services. Expanding on the “Oplan Bantay Signal” framework, the system aims to enhance accountability, monitor delivery performance, and professionalize the logistics industry.
Philippine National Police Records Fewer Cybercrime Cases in 2025
The PNP-ACG reported a decline in major cybercrime categories for 2025, including drops in online selling and investment scams. While officials credit awareness efforts, analysts note the data reflects only PNP-handled cases and not the nationwide prevalence across other agencies.
Chinese-Linked Hackers Target Taiwan’s Energy Infrastructure
Taiwan’s NSB reported that Chinese-linked actors, including Mustang Panda and APT41, average 2.63M daily intrusion attempts targeting critical sectors. The focus on energy infrastructure highlights risks for the Philippines' power grid, given its partial ownership by a Chinese state firm.