The Department of Information and Communications Technology (DICT) placed government networks on heightened alert after its National Computer Emergency Response Team (NCERT) received “credible intelligence” about a coordinated mass cyberattack targeting government-owned agencies and institutions.
NCERT said the operation is being organized by malicious actors aiming to exploit ongoing political issues to undermine authorities and disrupt government ICT services.
The bureau urged agencies to “heighten cybersecurity vigilance” and immediately implement precautionary measures.
Key risks flagged:
- Leakage of government account credentials and associated data
- Unauthorized access to systems and email
- Possible denial-of-service (DoS) attacks (under verification and monitoring)
- Follow-on attacks, website defacements, or data breaches using compromised accounts
- Immediate actions ordered
The DICT directed agencies to activate internal CERT/CSIRT or incident response teams; enforce or verify multi-factor authentication (MFA) across remote access, admin, email, and privileged accounts; review and prune privileged accounts; and tighten VPN/remote access through IP allow-listing and device posture checks, including rotating credentials if warranted.
Agencies were also told to block or strictly limit remote administration protocols (RDP/SMB/WinRM/SSH) from the public Internet, maintain 24/7 network monitoring with heightened scrutiny for unusual logins or data exfiltration, and secure offline backups of critical data.
User awareness was central to the advisory: employees should be warned against politically themed lures, urgent payment requests, and credential-harvesting pages, and instructed not to click links or open attachments from unverified sources.
The DICT said suspected high-severity events must be reported to NCERT within 15 minutes, while other unusual activities should be filed within one hour.
Reports should include the agency and point-of-contact details, incident summary and time observed, affected systems, initial detections, actions taken, and assistance required.
The DICT stressed the advisory is a precautionary measure, urging proactive steps to prevent compromise or data loss amid the elevated threat environment.
