Hacktivist groups like Ikaruz Red Team are shifting towards ransomware attacks, aiming to disrupt and draw attention to political causes. Using leaked ransomware builders, they target Philippine entities while using branding taken from the government’s CERT-PH. These groups, including Turk Hack Team and Anka Underground, have transitioned from website defacements to ransomware assaults, reflecting a broader trend of hacktivism in the region amidst escalating tensions with China.
Ikaruz Red Team (IRT), previously known for defacing websites and launching DDoS attacks, now employs ransomware, highlighting the evolution of hacktivist tactics. Affiliated with pro-Hamas groups like Anka Red Team and Turk Hack Team, IRT uses leaked LockBit builders for its ransomware operations. The attacks, conducted since January 2023, have targeted various organizations in the Philippines, demonstrating a shift towards disruptive cyber activities with potential geopolitical implications.
The ransomware payloads deployed by Ikaruz Red Team involve customizations aimed at camouflaging malicious activities and mocking cybersecurity efforts. By co-opting imagery and branding associated with Philippine government cybersecurity initiatives, these groups seek to undermine trust in official cybersecurity measures. Operating under aliases across multiple online platforms, IRT claims affiliation with other hacktivist entities and promotes political agendas while exploiting data leaks from Philippine victims.
The rise of hacktivist ransomware attacks in the Philippines underscores broader regional tensions and the increasing weaponization of cyberspace for geopolitical purposes. With groups like Ikaruz Red Team leveraging ransomware to advance political objectives, cybersecurity threats extend beyond conventional cybercrime to include politically motivated cyber disruptions.