At around 3PM today, December 26, 2018, we received an anonymous message claiming a defacement of the official website of the communist coalition of the Communist Party of the Philippines.

It appears that the websites philippinerevolutions.com, cpp-ndf.org and josemariasison.com have all been hacked. A satirical defacement message printed on the page claims that Jose Maria Sison, founder of the Communist Party of the Philippines, is urging the ideology’s supporters to stop and unite with the Philippine government. The logo of the “Anonymous” hackers is also used as the background of the supposed defacement message, suggesting that the culprit could be from the hacking group @Anonymous Philippines.

We posted the details on our Facebook page. An hour later, we realized that this is one clever attack, timed to coincide with the party’s 50th anniversary today.

All of the domain names claimed to be defaced were purchased this year. The list includes:

http:// lmb.cpp-ndf.org
http:// ams.cpp-ndf.org
http:// mkp.cpp-ndf.org
http:// rooff.cpp-ndf.org
http:// cpdf.cpp-ndf.org

What the attackers did was clone the real CPP/NPA website, http://philippinerevolution.info, to https://philippinerevolutions.com. They then waited for Google’s bots to crawl and cache the .com domain before staging the “supposed” defacement.

They waited for the Google Cache to propagate because it would support the attackers’ claim if somebody checked the website’s cache. A DDoS attack was also launched against the official website, philippinerevolution.info, to deny access and further support the claim that the .com is the legitimate domain name.

This is one clever attack that involved funding and planning. A couple of domains were purchased to make the typosquatting succeed.
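A triage check for this kind of defacement report, as an added example that is not part of the original post: it compares a reported domain against the known official domain and flags lookalikes such as the pluralized label and swapped TLD described above. The function names, the `OFFICIAL` list and the edit-distance threshold are assumptions, and the code assumes single-label TLDs (no public suffix list).

```python
from urllib.parse import urlsplit

# Known-good domains; only the official site named in the article is listed.
OFFICIAL = ["philippinerevolution.info"]

def split_domain(url_or_host):
    """Return (label, tld) of the registrable domain (assumes a single-label TLD)."""
    s = url_or_host.strip()
    host = urlsplit(s if "//" in s else "//" + s).hostname or ""
    parts = host.rstrip(".").split(".")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a domain name: {url_or_host!r}")
    return parts[-2], parts[-1]

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(reported, official=OFFICIAL, max_dist=2):
    """Return (verdict, matched_official, reasons) for a reported domain."""
    label, tld = split_domain(reported)
    for off in official:
        o_label, o_tld = split_domain(off)
        if (label, tld) == (o_label, o_tld):
            return "official", off, []
        dist = edit_distance(label, o_label)
        if dist <= max_dist:
            reasons = []
            if dist:
                reasons.append(f"label differs by {dist} edit(s)")
            if tld != o_tld:
                reasons.append(f"TLD .{tld} instead of .{o_tld}")
            return "lookalike", off, reasons
    # No resemblance to any known official domain: verify ownership another way.
    return "unknown", None, []

if __name__ == "__main__":
    for d in ("https://philippinerevolutions.com",
              "http://philippinerevolution.info",
              "lmb.cpp-ndf.org"):
        print(d, "->", classify(d))
```

An "unknown" verdict only means the domain does not resemble anything in the official list; it says nothing about who registered it or when.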

What do you think of this attack? Who do you think is behind this?

Thank you PHN and IWS team for the inputs.

