Cyberattacks hit the websites for three businesses linked to House Speaker Martin Romualdez: Prime Media Holdings, Marcventures Holdings Inc., and Bright Kindle Resources & Investments, Inc. The three sites were defaced.

An online group, Deep Web Konek, posted about the attacks on Facebook last March 24. The attacks were verified by way of archived pages of the attacked sites on Wayback Machine.

The snapshots from March 24 for the three defaced sites showed a political message saying it was “seized by the Filipino people!”

The defaced sites also had a message railing against charter change and political dynasties.

The page reads, “Political dynasties and their oligarch allies does not represent the interests of the 99% of Filipino people. These crooks that continue to manipulate us by keeping their personal and petty interests the standard of politics to get hold of the public funds (our money) straight to their pockets is an insult to many of us whose families are already starving and surviving daily without any social benefits.”

The sites, Marcventuresholdings.com, Primemediaholdingsinc.com, and Brightkindle.com are shown below.

“Also, we are tired of receiving alms and ‘Utang na Loob’ from these politicians who favor their oligarch allies more than us. These crooks never represent our own politics and worries. They never will and never be! No to Charter Change that benefits further the economic power of the rich!” it went on to say.

Further, the #opEDSA hashtag on the defaced page linked to a longer text message decrying political dynasties and the oligarchy, and called for political change, shown below.

As of Tuesday, April 2, the sites for the three businesses remain offline and inaccessible.

Acer Philippines hack also attributed to ‘ph1ns’

A March 26 iteration of the Wayback Machine snapshot for the defaced Prime Media Holdings website also had a callout for people to message the apparent attacker, “ph1ns” via a Protonmail email address. The Deep Web Konek group also mentioned “ph1ns” on their Facebook post as the likely attacker.

Coincidentally, the “ph1ns” username was also attributed to a hack of the Philippine division of Taiwanese tech company Acer after a third-party vendor suffered a security breach, according to cybersecurity company BitDefender.

In the Acer instance, the attacker apparently leaked a stolen database with employee attendance data, including workers’ names, usernames, passwords, roles, departments, the employer’s name, birthdates, mobile phone numbers, and email addresses.

Looking like a signature for the hackers, the #opEDSA hashtag was also used in that particular attack.

Acer Philippines said in a statement on X on March 12 that only employee data was affected, and not consumer data.

– Rappler.com