In June 2024, the Philippine Maritime Industry Authority (MARINA) suffered a severe cyberattack executed by the hacker 'Ph1ns,' who exploited vulnerabilities in subdomains to breach the agency’s systems. The attacker gained unauthorized access to 91 GB of critical maritime data, successfully exfiltrating 20 GB, including highly sensitive information such as ship specifications, ownership histories, and operational records. The breach was achieved through advanced techniques like fuzzing and file upload manipulation, allowing the hacker to bypass security controls and escalate privileges to full administrative control.

The incident highlights systemic weaknesses in MARINA’s cybersecurity defenses, exposing the agency—and by extension, the Philippine maritime sector—to significant operational, financial, and reputational risks. The compromised data could facilitate fraud, espionage, or disruptions in maritime trade, given its strategic importance to national and global supply chains.

The breach also underscores the urgent need for government critical infrastructure to adopt robust security measures, including vulnerability patching, access controls, and real-time threat monitoring, to prevent future exploits that could jeopardize national security and economic stability.

TPRM report: https://www.rankiteo.com/company/maritime-industry-authority-marina-dotc
"id": "mar325092125",
"linkid": "maritime-industry-authority-marina-dotc",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'maritime',
                        'location': 'Philippines',
                        'name': 'Philippine Maritime Industry Authority '
                                '(MARINA)',
                        'type': 'government agency'}],
 'attack_vector': ['vulnerability exploitation in subdomains',
                   'fuzzing',
                   'file upload manipulation'],
 'data_breach': {'data_exfiltration': '20 GB exfiltrated out of 91 GB accessed',
                 'sensitivity_of_data': 'high (critical maritime '
                                        'infrastructure data)',
                 'type_of_data_compromised': ['ship specifications',
                                              'ownership histories',
                                              'operational records']},
 'date_detected': '2024-06',
 'description': "In June 2024, a cyberattack by hacker 'Ph1ns' breached the "
                'Philippine Maritime Industry Authority (MARINA), exposing '
                'critical maritime data, including ship specifications, '
                'ownership histories, and operational records. Exploiting '
                'vulnerabilities in subdomains, the attacker accessed 91 GB of '
                'data, exfiltrating 20 GB. Techniques included fuzzing and '
                'file upload manipulation to bypass security, escalating to '
                'full administrative control. The breach underscores the '
                'importance of strengthening cybersecurity in government '
                'systems to prevent data compromise and operational risks in '
                'critical infrastructure.',
 'impact': {'brand_reputation_impact': 'potential damage to trust in '
                                       'government cybersecurity',
            'data_compromised': ['ship specifications',
                                 'ownership histories',
                                 'operational records'],
            'operational_impact': 'potential operational risks in critical '
                                  'maritime infrastructure',
            'systems_affected': ['MARINA subdomains',
                                 'administrative systems']},
 'initial_access_broker': {'entry_point': 'subdomain vulnerabilities',
                           'high_value_targets': ['ship specifications',
                                                  'ownership histories',
                                                  'operational records']},
 'lessons_learned': 'Importance of strengthening cybersecurity in government '
                    'systems to prevent data compromise and operational risks '
                    'in critical infrastructure.',
 'post_incident_analysis': {'root_causes': ['subdomain vulnerabilities',
                                            'inadequate security against '
                                            'fuzzing and file upload '
                                            'manipulation']},
 'ransomware': {'data_exfiltration': '20 GB'},
 'threat_actor': 'Ph1ns',
 'title': 'Cyberattack on Philippine Maritime Industry Authority (MARINA) by '
          "Hacker 'Ph1ns'",
 'type': ['data breach', 'unauthorized access', 'cyberattack'],
 'vulnerability_exploited': 'subdomain vulnerabilities'}