In what they stated to be their last operation “for now” due to being sought by law enforcement agencies, local hacking group Philippine Exodus Security in a social media post on Saturday, Feb. 22, claimed to have breached the mail system of the Philippine Army.
The group stated that they had compromised over 10 high-ranking official accounts from the Philippine Army, and had obtained highly confidential documents from both the Philippine Army and the Department of National Defense (DND).
The group also claimed to have obtained 300GB of classified data which included internal collaborations between the DND and the Philippine Army.
The group discussed and shared 2023 internal memos from the Philippine Army and the DND discussing the black hat hacking group Pinoy LulzSec, warning of potential hacking and web defacement activities on April Fool’s Day (known internationally as April Lulz) in 2023. In the post, they also shared screenshots of a Philippine Army internal mailbox suite account, including a redacted inbox and preferences page.
According to the cyber monitoring group Deep Web Konek (DWK), the hackers stated that the exfiltrated data contained Summary of Information (SOI) records of 10,000 active and separated soldiers from 2018 to 2024 and reportedly contained:
- Full names, ranks, and serial numbers
- Birthdates, home and office addresses
- Past and present military assignments
- Training records, certifications, and promotions
- Health and physical records, including medical history
- Contact information (personal and official emails, phone numbers)
- Financial details such as TIN, PhilHealth, and LBP ATM account numbers
- Criminal and disciplinary records
Throughout the post, Philippine Exodus Security also taunted the Philippine Army on its security, calling it “a joke” and referred to the Cybersecurity Battalion as “a pathetic excuse for a cybersecurity unit”.
The group also stated that foreign threat actors are laughing at the Philippines right now due to poor cybersecurity and defenses. They mentioned how easy it was for local actors like themselves to go through “secured” systems, and asked people to think about what more foreign Advanced Persistent Threat (APT) and state-sponsored hacking groups from China, Russia, North Korea, and Iran could do to the Philippines.
In another social media post two days prior, Philippine Exodus Security also claimed to have infiltrated the mail system of the Philippine Navy, stating that the Navy used weak passwords and lacked 2-factor authentication. The group claimed to have gathered 15GB of confidential data spanning 2020 to Feb 2025 from 5+ accounts, and threatened to release it to the public if the Philippine Navy denied the breach.
They also shared screenshots of the first pages of a confidential SOI document and a Night Vision Imaging System (NVIS) device acquisition project, and the preferences page of what appeared to be the Philippine Navy mail and Collaboration System.
According to a Deep Web Konek story, Philippine Exodus Security stated that the Navy had used weak passwords such as “passw0rd”. DWK also reported that the stolen data allegedly contained highly sensitive intelligence on Navy officials and personnel, with over 1,000 high-value individuals fully exposed.
The data reportedly contained:
- Full names, ranks, and Armed Forces of the Philippines Serial Numbers (AFPSN)
- Provincial and current addresses
- Office station locations
- Private emails and direct contact numbers
- Birthdates, enlistment dates, and service history
- Duty assignments, promotions, and training records
- Military schooling, awards, and commendations
- Next of kin details and relationship mappings
- Personal biometric identifiers
The group also taunted the Philippine Navy, calling it “as weak as the PCSO (Philippine Charity Sweepstakes Office) which it also claimed to have breached on February 12. After denials of a data breach by the PCSO, Philippine Exodus Security stated that they were dumping 100GB of sensitive data, and on February 14 shared a 102MB archive file on the Web as a sample which contained government IDs and photos of multiple individuals, lottery tickets, as well as other PCSO documents.
Philippine Exodus Security previously claimed that they had breached the Philippine National Police Anti-Cybercrime Group (PNP ACG)’s database systems in March 2024.
