MANILA (UPDATE) — The Department of Information and Communications Technology (DICT) on Tuesday confirmed that several agencies under the executive branch have been subjected to "persistent" cyberattacks from groups associated with China.

DICT: More than 20,000 'vulnerabilities' identified in gov't online assets

DICT undersecretary for cybersecurity Jeffrey Ian Dy said the attacks have been targeting the "executive branch, including that of the Philippine Coast Guard, including some departments of the executive branch like the DENR and Department of Agriculture, and of course the Office of the President."

Dy said they detected the threats as early as 2023 "but we were not yet ready to inform the public then because we have to ascertain certain facts."

'Battlefield is changing': Marcos orders military to gear up for 'digital warfare'

The official refrained from characterizing the attacks as "massive" and instead described them as "persistent."

"I would rather say it being persistent... If we blocked them from one side, they continue to persist in trying to attack another database," he said, adding that "some went through, some were blocked."

He said the attacks were sophisticated and most likely carried out by "well-learned and well-organized teams."

"The type of attacks tells us that these are not regular hackers, these are not regular hacktivists. These are well-learned, well-organized teams with sufficient technology, knowledge, and with sufficient time to be able to persistently put pressure into our cybersecurity system," he said. 

Taiwan says cyberattacks double in 2024, China main culprit

Dy refused to name China as the culprit behind the attacks, but said the hackers' methods were "consistent" with groups linked to Beijing.

"I wouldn't go as far as to say they are Chinese-sponsored or China state-sponsored, but I can say that the tactics, techniques, and procedures are well-documented and they belong to Chinese groups," he said, naming advances persistent threat (APT) groups 41 and 21, "which are closely associated with Chinese threat actors."

Similar attacks were also monitored in the United States, United Kingdom, and other countries "within the region," Dy noted.

Dy also said the Defense department should be the one to confirm or deny the Bloomberg report that said sensitive military data, some related to the South China Sea dispute, were stolen in the series of attacks. 

The DICT official said the attacks emphasized that "cybersecurtity should really be now part of our national security strategy."

"Because technology has evolved, AI is here, and it makes our work in cybersecurity a lot more complex," he said.

China has previously denied backing cybersecurity attacks against perceived foes such as the US and Taiwan, calling the claims "groundless."

China slams 'groundless' claims of cyberattack on US Treasury

President Ferdinand Marcos, Jr. last year ordered the military and other security officials to beef up its skills to combat "new forms" of threat, particularly the emergence of digital warfare.

RELATED VIDEOS: