The Philippine human rights alliance Karapatan has suffered a massive and prolonged Distributed Denial of Service (DDoS) attack, Qurium organizations linked it to the local government.

For the past three weeks, the Philippine human rights alliance Karapatan has suffered a heavy and sustained DDoS attack. The attack comes only a month after the waves of DDoS attacks targeting the alternative media outlets Bulatlat and Altermidya, which Qurium could link to infrastructure controlled by the Philippine government and army.

The DDoS attacks are taking place amid the online solidarity campaign #StopTheKillingsPH co-hosted by Karapatan, which marks one year since human rights organizations and advocates across the world asserted the call to stop the killings in the Philippines and to prosecute President Rodrigo Duterte for his crimes against the Filipino people. The event also marks one year since the killing of human rights worker Zara Alvarez, that was an active member of Karapatan.

High level overview of traffic to Karapatan during the attack

Karapatan Secretary General Cristina Palabay states: “These new series of cowardly cyber attacks against our website were obviously made to prevent the public from accessing our reports on the worsening state of human rights in the Philippines — and we know whose interests these attacks serve.”

In the spirit of changing the landscape of commercial denial-of-service mitigation services where forensics knowledge is kept private, Qurium has decided to disclose how we fingerprinted and mitigated the DDoS attacks with the hope that other organizations can learn from our experience, and in solidarity with human rights organization and independent media that do not have the resources to mitigate and attribute targeted attacks.

Qurium’s forensics report reveals that the attack is proxied via 30,000 bots distributed in Russia, Ukraine, Indonesia and China. The attacker has modified the attack strategy a number of times during the past weeks, which illustrates his dedication to the task. However, Karapatan has not suffered any downtime during the heavy attacks and the website operates as normal.

Qurium’s forensics report compiles the technical findings about the infrastructure and techniques used to launch the attacks against Karapatan.

[출처 : SecurityAffairs / 8.29.]