Deathnote Hackers (DNH): A Brief Overview

[Image: old group banner (2015-2016)]

Deathnote Hackers (DNH) is a Manila-based grey-hat hacking group founded in 2016 by TATAY45. It started as a hacking tutorial page before evolving into a full-fledged hacking collective. After gaining expertise in unethical hacking, programming, and SEO, TATAY45 was inspired by the international hacking group "Lulzsec" and their Operation CODE:51, which focused on leaking sensitive information, and launched his own operation, also called CODE:51, targeting the release of leaked source code. However, facing challenges while operating alone, TATAY45 expanded his efforts by recruiting members skilled in penetration testing, programming, and cybersecurity.

This led to the formation of Deathnote Hackers. By mid-2016, the group had grown, with members from other hacking communities like Unirises, ZyberPh Developers, DeepWeb FAKK, and representatives from Anonymous. Notorious for their cyberattacks, DNH gained significant attention after executing a Distributed Denial of Service (DDoS) attack on Dragon Nest SEA, a game owned by Eyedentity Games, in 2015. They also unleashed a ransomware attack in 2017 that targeted public forums, with BleepingComputer first detecting it in the wild. Under the leadership of Klammer, who joined in late 2016 and took over after TATAY45's retirement, DNH expanded its operations.

In 2022, DNH actively participated in the Russia-Ukraine cyber conflict, supporting Ukraine by disrupting Russian cyberattacks and defending critical infrastructure. Collaborating with members like "LiteMods" from the United States, the group also engaged in various operations around the world, including in #OPJapan and #OPSenegal. Today, DeathNote Hackers continues to be a prominent and highly active group, blending hacktivism with skilled cyber operations.

Learn about their past and recent cyber operations below.

Note: This list is NOT complete and only features notable news attributed to the group.

Department of Energy (DOE) Breach (2024)

  • Incident: The hackers defaced the platform, exploiting known vulnerabilities in the system's security protocols. The attack exposed sensitive information related to the Government Energy Management Program (GEMP).

  • Impact: The breach compromised public trust in government cyber defense mechanisms. No classified energy information was revealed, but there were concerns regarding the platform’s overall security architecture.

  • Response: The DOE's cybersecurity teams worked with external experts to assess the damage and fortify their systems to prevent future attacks.

  • Source: https://manilastandard.net/news/314477247/doe-energy-saving-program-website-defaced-by-local-hackers.html

Senate Website Breach (2024)

  • Incident: The Philippine Senate's official website was breached by DeathNote Hackers, who gained unauthorized access to sensitive legislative data, including employee credentials and communication logs. The hackers claimed responsibility for exposing the vulnerabilities in the Senate's web security infrastructure.

  • Impact: While no top-secret documents were compromised, the breach prompted concerns over the security of official government websites. The exposure of personal information of Senate employees posed a significant privacy risk.

  • Response: The Senate initiated a cybersecurity overhaul, including enhanced encryption methods and employee training to avoid similar incidents in the future.

  • Source: https://newsinfo.inquirer.net/1975429/senate-website-hacked-but-no-secret-sensitive-data-lost

eGov PH Subdomain Defacement (2024)

  • Incident: DeathNote Hackers defaced a subdomain of the eGov PH website, which serves as a digital platform for government services. The defacement exposed critical vulnerabilities in the system's content management system (CMS), which allowed unauthorized access to the platform.

  • Impact: The breach raised concerns about the adequacy of security measures protecting government portals.

  • Response: Immediate measures were taken to restore services, and the Department of Information and Communications Technology (DICT) promised to review security protocols to safeguard citizen data.

  • Source: https://newsbytes.ph/2024/08/11/hackers-claim-to-have-breached-egov-ph-super-app-elgu-system/

DICT Subdomain Breach (2024)

  • Incident: A subdomain of the Department of Information and Communications Technology (DICT) was hacked by DeathNote Hackers. The breach resulted in the exposure of over 27,000 sensitive records from the municipality of Sablan, Benguet, including personal information of citizens.

  • Impact: The breach highlighted security weaknesses in government websites that manage public data. It led to fears about the potential misuse of personal information.

  • Response: The DICT, in collaboration with the National Privacy Commission, launched an investigation into the breach and implemented stricter security measures to protect citizen data.

  • Source: https://www.hendryadrian.com/deathnote-hackers-breach-dict-subdomain-compromised-sablan-municipality-database

Metro Pacific Tollways Corporation (MPTC) Breach (2024)

  • Incident: DeathNote Hackers successfully infiltrated the Easytrip system of Metro Pacific Tollways Corporation (MPTC), exposing over 1 million customer records. This data included toll transaction records, payment information, and other personally identifiable information (PII).

  • Impact: Although MPTC assured customers that no financial losses occurred, the breach raised significant concerns about the security of electronic payment systems. Public trust in tollway infrastructure was affected.

  • Response: MPTC immediately started securing their online systems, enhancing encryption protocols for customer transactions, and offering identity theft protection to affected individuals.

  • Source: https://psaintelligence.com/mptc-confirms-data-breach-incident-easytrips-system-and-other-records-compromised-2/

Villar Group of Companies Breach (2024)

  • Incident: DeathNote Hackers infiltrated systems within the Villar Group of Companies, compromising over 2.3 million records. The data included both personal and corporate information, some of which was related to sensitive financial transactions.

  • Impact: The breach affected employees and clients, with some internal communications also being exposed. The incident raised alarms about the cybersecurity preparedness of large conglomerates in the Philippines.

  • Response: The Villar Group has yet to comment officially on the attack, but industry experts believe they will soon implement stricter data protection policies to regain public trust.

  • Source: https://bilyonaryo.com/2024/09/21/over-2-3m-records-for-sale-villar-group-hit-by-massive-data-breach-report/business/

GMA Network Breach (2024)

ABS-CBN Amagi Cloud Operations Breach (2024)

MicroPort Scientific Corporation Breach (2024)

  • Incident: DeathNote Hackers breached the systems of MicroPort Scientific Corporation, a Shanghai-based medical device manufacturer. The hackers exposed proprietary research data, medical device designs, and employee information.

  • Impact: The breach raised international concerns regarding the cybersecurity of medical research and healthcare-related industries. The leaked information could potentially compromise patient safety and medical advancements.

  • Response: MicroPort assured clients that no patient data was exposed but pledged to improve cybersecurity measures within their operations to prevent future attacks.

  • Source: https://manilastandard.net/news/314462966/ph-hacker-group-hits-back-on-chinese-military-aggression.html

Romblon State University Alleged Faculty Misconduct Exposed (2024)

Philippine Air Force (PAF) Breach (2025)

  • Incident: DeathNote Hackers compromised critical systems within the Philippine Air Force, gaining access to the Electronic Document Filing System (EDFS) and the Military Integrated Information System (MIIS). The breach exposed sensitive military documents, operational data, and intelligence reports.

  • Impact: The breach posed a significant risk to national security, as classified military operations and intelligence were exposed. The government immediately launched a full investigation to address the vulnerabilities in the Philippine military’s cybersecurity protocols.

  • Response: The Philippine Air Force is now working with international cybersecurity agencies to improve the protection of sensitive defense data.

  • Source: https://web.archive.org/web/20250120100539/https://kukublanph.data.blog/2025/01/10/philippine-air-force-systems-compromised-hackers-warn-of-critical-security-flaws/

Makati Vaccine Records Breach (2024)

Bureau of Customs Hack Reveals Employee and Customer PII at Risk (2024)

  • Incident: DeathNote Hackers breached the Bureau of Customs’ systems, exposing employee payroll data, customer personal information, and shipment details from the Balikbayan Box Tracker system.

  • Impact: The breach posed a risk to the personal and financial data of individuals, with possible identity theft concerns arising.

  • Response: The Bureau of Customs worked with law enforcement to investigate the breach and improve system security.

  • Source: https://newsinfo.inquirer.net/1927774/customs-bureau-latest-govt-victim-of-hackers

CHED, Automobile Association Philippines, Bureau of Customs' Balikbayan Box Tracker, Barangay Almangugan of Palawan Breach (2024)

  • Incident: DeathNote Hackers exposed sensitive information from several Philippine government agencies, including CHED, the Automobile Association Philippines, the Bureau of Customs' Balikbayan Box Tracker system, and Barangay Almangugan of Palawan.

  • Impact: The breach affected thousands of individuals, with personal information such as names, addresses, and transaction histories leaked.

  • Response: Authorities quickly initiated investigations to secure affected systems and provide support to impacted citizens.

  • Source: https://tonite.abante.com.ph/2024/05/31/ched-dilg-29-ahensiya-pa-tinarget-ng-mga-hacker/

Chinese Cyberattack Concerns and Philippine Hacktivist Response (2024)