Cyber Command Armed Forces of the Philippines

FORUM ENGAGEMENT | Strengthening Cyber Resilience Through Citizen Participation

On 28 May 2026, Protecta Pilipinas, in partnership with the Department of National Defense, Armed Forces of the Philippines, and Cybercrime Investigation and Coordinating Center, hosted the forum entitled “Citizens on the Frontline: Mobilizing a Volunteer Corps to Strengthen Infrastructure Security and Cyber Resilience” at the PLDT Smart Pressroom, Ramon Cojuangco Building, Makati City.

The activity formally opened with remarks from Atty. Roy D. Ibay, Vice President and Head of Regulatory Affairs of Smart Communications, and gathered key leaders from government, defense, private sector, and civil society organizations to discuss the growing importance of collective action in strengthening the country’s cyber resilience and critical infrastructure protection.

Among the distinguished panelists was BGEN JOEY T FONTIVEROS PA, Commander of Cyber Command, Armed Forces of the Philippines, who emphasized the vital role of reservists and civilian participation in advancing the nation’s cyber defense capability. He highlighted the successful integration of reservists during multinational Cyber Defense Exercises conducted in recent military engagements, stressing the importance of immersing cyber volunteers in realistic operational environments to strengthen preparedness, interoperability, and mission effectiveness.

BGEN FONTIVEROS PA likewise underscored the importance of sustaining and professionalizing the country’s cyber workforce through long-term institutional support, legislative initiatives, and continuous capability development. He emphasized that beyond technical skills and knowledge, nationalism and patriotism remain essential foundations in building a resilient and mission-ready cyber defense force.

The forum reinforced the significance of a whole-of-nation approach in addressing emerging cyber threats and safeguarding the country’s digital and critical infrastructure.

CYBER ALERT: Authorities Warn About “Kali365” Phishing Kit Targeting Microsoft Accounts

The authorities have issued a warning regarding the growing use of the “Kali365” phishing kit, a cybercriminal tool designed to steal Microsoft OAuth tokens and compromise user accounts at scale. Unlike traditional phishing attacks that only capture usernames and passwords, this advanced technique abuses OAuth authentication to gain persistent access to email accounts, cloud services, and sensitive organizational data without immediately triggering suspicion. Government agencies, businesses, educational institutions, and ordinary users who rely on Microsoft 365 services are strongly encouraged to remain vigilant, as attackers may use fake login pages, malicious links, and deceptive emails to trick victims into granting unauthorized access. In the Philippine digital environment where remote work, online collaboration, and cloud-based services are widely used, this threat can lead to data breaches, financial fraud, identity theft, and operational disruption if proper cybersecurity practices are not observed.

Key Facts About the Kali365 Phishing Threat:

-Kali365 is a phishing kit specifically designed to target Microsoft 365 users.
-It steals OAuth authentication tokens instead of only collecting passwords.
-OAuth tokens may allow attackers to bypass some security protections after login.
-Compromised accounts can provide access to emails, files, and cloud services.
-Attackers commonly distribute phishing links through fake emails and messages.
-The campaign is capable of targeting multiple victims at large scale.
-Organizations using Microsoft cloud services are among the primary targets.

Red Flags to Watch For:

-Unexpected Microsoft login prompts received through email or chat.
-Emails urging immediate account verification or password reset.
-Login pages with unusual URLs or misspelled domain names.
-Requests asking users to “grant permissions” to unfamiliar applications.
-Multi-factor authentication (MFA) prompts you did not initiate.
-Suspicious notifications about account lockouts or expired sessions.
-Unauthorized logins or unusual activity detected in your Microsoft account.

Recommendations to Stay Protected:

-Always verify the legitimacy of Microsoft login pages before entering credentials.
-Enable Multi-Factor Authentication (MFA) on all important accounts.
-Avoid clicking links or downloading attachments from unknown senders.
-Regularly review connected apps and revoke suspicious OAuth permissions.
-Keep operating systems, browsers, and security software updated.
-Conduct cybersecurity awareness training within organizations and workplaces.

Immediately report suspicious emails or login attempts to your IT or cybersecurity team.

CYBER AWARENESS | Beware of QR Code Scams “Quishing”

QR codes have become part of everyday life, from digital payments and restaurant menus to online registrations and delivery tracking. However, cybercriminals are now exploiting this convenience through a scam known as “Quishing” or QR phishing. In this type of attack, fake or malicious QR codes are used to redirect victims to fraudulent websites designed to steal login credentials, banking information, OTPs, or personal data. Because QR codes cannot be easily read by the human eye, users may unknowingly scan dangerous links that appear legitimate.

KEY FACTS
> “Quishing” is a form of phishing attack that uses malicious QR codes.
> Fake QR codes may redirect users to fraudulent websites or malware downloads.
> Cybercriminals commonly place fake QR codes in public areas or distribute them through emails, text messages, and social media.
> Attackers often imitate trusted organizations, payment services, or delivery companies to appear legitimate.
Smartphones are the primary target since QR codes are commonly scanned using mobile devices.

RED FLAGS TO WATCH FOR
> QR codes that appear tampered with, pasted over, or poorly printed
> Messages creating urgency such as “Scan Now,” “Verify Immediately,” or “Claim Your Reward.
> Redirected websites with suspicious URLs, misspellings, or unusual domain names
> Requests for sensitive information such as passwords, OTPs, banking details, or personal data.
> QR codes sent from unknown contacts or unofficial social media accounts.

RECOMMENDATIONS TO AVOID QUISHING SCAMS
> Verify the source before scanning any QR code
> Preview the URL first and ensure it matches the official website
> Avoid scanning random QR codes posted in public places without validation.
> provide sensitive information on websites accessed through unknown QR codes
>Enable multi-factor authentication (MFA) for added account security.
> Keep mobile devices and security applications updated to protect against threats.
> Report suspicious QR codes or phishing attempts to proper authorities or IT administrators.

Safeguarding the 48th ASEAN Summit: Cyber Command, AFP Strengthens National Cyber Defense

The Cyber Command, AFP has been awarded with the Certificate of Commendation by the National Organizing Council (NOC) as a Key Stakeholder in ensuring the success and security of the 48th ASEAN Summit which was formally received by COL ROMAN MABBORANG PA, who stood on behalf of BGEN JOEY T FONTIVEROS PA The recognition was formally held at the Philippine International Convention Center on 18 May 2026, highlighting the vital role of the Command in safeguarding the country’s cyber infrastructure and supporting national efforts to maintain a secure and stable digital environment during one of the region’s most significant international gatherings. As cyber threats continue to evolve, the participation of Cyber Command, AFP demonstrates the government’s commitment to strengthening cybersecurity and protecting critical communication and information systems throughout the summit activities.

As the primary unit responsible for maintaining network security and cyber operations for the summit, Cyber Command, AFP plays a central role in protecting critical communication systems, government networks, and digital platforms from possible cyber threats and disruptions. Through advanced cybersecurity measures, real-time monitoring, and coordinated cyber defense operations, the Command ensures that all digital communications and information systems remain secure and fully operational throughout the international event. The unit’s preparedness and technical expertise demonstrate the Armed Forces of the Philippines commitment to maintaining a secure cyberspace in support of diplomatic and governmental activities.

The participation of Cyber Command, AFP in the 48th ASEAN Summit further reflects the Philippine government’s emphasis on cybersecurity as an essential component of national security and international cooperation. Guided by the leadership of BGEN JOEY T FONTIVEROS PA, the Command continues to enhance its operational capabilities, foster inter-agency collaboration, and promote resilience against evolving cyber threats. Through its dedicated service, Cyber Command, AFP reinforces the country’s readiness to support major international engagements while protecting the nation’s digital domain.

CYBER ALERT | Stay Anonymous, Avoid Online Doxxing
Online doxxing happens when personal or sensitive information (such as your full name, address, phone number, workplace, or private photos) is collected and publicly exposed without your consent, often with the intent to harass, threaten, or harm you. In today’s highly connected digital environment in the Philippines, anyone active on social media, gaming platforms, or online forums can become a target if proper privacy and security measures are not observed. Once personal data is exposed online, it can quickly spread and become difficult to remove, leading to identity theft, harassment, or even real-world safety risks.
Key Facts about Online Doxxing:
>It involves publishing private or identifying information without consent
>It can target individuals, groups, or even organizations
>Information can come from social media, data leaks, or phishing attacks
>It is often used for harassment, intimidation, or revenge
>Even small details can be combined to identify a person
Red Flags to Watch Out For:
>Suspicious accounts asking for personal information
>Unusual tagging or mentions of your personal details online
>Threats of “exposing” your identity or private data
>Sudden increase in unknown followers or friend requests
>Fake websites or forms requesting sensitive information
Recommendations to Avoid Doxxing:
>Limit sharing of personal details on public profiles
>Enable strict privacy settings on all social media accounts
>Avoid posting real-time location updates
>Use strong, unique passwords and enable two-factor authentication
>Be cautious when joining online communities or clicking unknown links
>Regularly check what personal information about you is publicly visible
Stay vigilant and protect your digital identity. Prevention is your strongest defense against online doxxing.

CYBER ALERT | HOW CYBERATTACKS PROGRESS

Cyber threats continue to target both government offices and private organizations, often exploiting common gaps such as weak passwords, unverified emails, and outdated systems. Many attacks begin with simple tactics like phishing messages disguised as bank alerts, delivery notices, or official communications from agencies.

Once a user unknowingly grants access, attackers quietly move through systems, looking for sensitive information such as personal data, financial records, or official documents. Understanding how these attacks unfold step by step is crucial in strengthening awareness and preventing incidents that could disrupt operations or compromise national and organizational security.

STEP-BY-STEP CYBERATTACK PROCESS:

1. Reconnaissance (Information Gathering)
Attackers collect publicly available information—social media profiles, government websites, and employee details—to identify potential targets.

2. Initial Access
Common entry methods include phishing emails posing as banks, delivery services, or even government agencies, as well as weak or reused passwords.

3. Ex*****on
Malicious links or attachments install malware or give attackers control over a device or account.

4. Persistence
Attackers establish hidden access to ensure they can return even after the system is restarted or passwords are changed.

5. Privilege Escalation
They gain higher-level access, such as administrative rights, to control critical systems and data.

6. Lateral Movement
Attackers spread across networks, accessing shared drives, email systems, and other connected devices.

7. Data Collection & Exfiltration
Sensitive information (e.g., personal data, financial records, operational documents) is collected and transferred to the organization without detection.

8. Impact
This may result in data breaches, financial loss, service disruption, or ransomware incidents affecting operations and public trust.

STAY PROTECTED:

• Be cautious of emails or messages claiming to be from banks, delivery services, or government offices

• Use strong, unique passwords and enable multi-factor authentication

• Regularly update systems and antivirus software

• Avoid using unauthorized or “shadow IT/AI” tools in the workplace

• Report suspicious activity to your IT or cybersecurity unit immediately

Cybersecurity is everyone’s responsibility, whether in government service or the private sector. Stay vigilant and protect our digital space.

CYBER ALERT | Beware of “SHADOW AI” : The Unseen Risks and Consequences

In today’s fast-paced digital environment, Artificial Intelligence (AI) tools are widely used to boost productivity, but not all usage is visible or controlled. “Shadow AI” refers to the use of AI platforms and tools without approval or oversight from an organization’s IT or cybersecurity teams. While convenient, this practice can expose sensitive data, bypass security controls, and create entry points for cyber threats.

Key Facts You Should Know:
• Many public AI tools store user inputs, which may be used for training or analysis
• Data entered into unsecured AI platforms can be permanently exposed or leaked
• Shadow AI bypasses organizational safeguards like firewalls, monitoring, and access control
• Even simple prompts can unintentionally reveal confidential or classified information
• Attackers can exploit AI tools to gather intelligence or launch targeted phishing attacks
• AI-generated outputs are not always accurate and may introduce misinformation into workflows
• Some AI platforms may operate under different data privacy laws depending on their location
• Employees often use Shadow AI unknowingly, thinking it is harmless or purely for convenience

Red Flags to Watch For:
• Uploading confidential documents into public AI tools
• Using unapproved AI apps for work-related tasks
• Sharing sensitive data with chatbots or AI generators
• Lack of awareness about how AI platforms handle data

How to Protect Yourself and Your Organization:
• Use only authorized and vetted AI tools approved by your organization
• Never input sensitive, classified, or personal data into unknown AI platforms
• Follow internal cybersecurity and data protection policies at all times
• Report any unauthorized AI usage or suspicious tools immediately
• Encourage discussions about safe and responsible AI use in the workplace

Tips to Stay Secure:
• Always check if an AI tool is approved before using it
• Read and understand the privacy policy of AI platforms
• Limit the amount of data you share, especially sensitive information
• Treat AI tools as external systems, not secure internal platforms
• When in doubt, ask your IT or cybersecurity team

REMINDER:
Shadow AI may seem helpful, but it can quietly put your organization at risk. Always prioritize security over convenience and use AI responsibly.

CYBER ADVISORY | Smishing Attacks: Don’t fall for smishing, verify before you click.
Have you ever received a text saying you won a prize, your bank account is locked, or your delivery failed? That message may look urgent and legitimate but it could actually be a smishing attack. Smishing (SMS phishing) is a cyber scam where attackers send deceptive text messages designed to trick you into clicking malicious links, downloading harmful apps, or revealing sensitive information such as OTPs, passwords, and personal details.
As mobile usage, e-wallet transactions, and online shopping continue to grow in the Philippines, cybercriminals are increasingly targeting everyday users through SMS because it feels more personal and trustworthy than email. One wrong click can lead to financial loss, identity theft, or even full account takeover.
DID YOU KNOW?
• Smishing scams often target users of mobile banking and e-wallets
• Attackers can use fake cell towers or SMS spoofing to make messages appear legitimate
• Some links automatically download malware once clicked
• Cybercriminals rely on fear and urgency to make victims act quickly without thinking
• Even tech-savvy users can fall victim if they are distracted or in a hurry
• A single compromised account can be used to scam your friends and contacts
• Personal data collected from smishing can be reused for future targeted attacks
RED FLAGS TO WATCH FOR:
• Messages from unknown or random phone numbers
• Spoofed sender names pretending to be banks, delivery services, or government agencies
• Urgent or threatening language (e.g., “Act now!”, “Account will be suspended!”)
• Suspicious or shortened links (e.g., bit.ly, tinyurl)
• Misspelled company names or unusual grammar
• Requests for OTPs, PINs, passwords, or personal information
• Notifications about prizes, rewards, or refunds you didn’t sign up for
• Messages about failed deliveries when you didn’t order anything
• Links that redirect to login pages mimicking official websites
• Messages sent at odd hours to pressure quick action
HOW TO PROTECT YOURSELF:
• DO NOT CLICK on links from unknown or suspicious messages
• Always verify messages through official websites, apps, or customer service channels
• Type URLs manually instead of clicking links from SMS
• Never share your OTP, PIN, or passwords—even if the message looks legitimate
• Enable two-factor authentication (2FA) for added account security
• Regularly update your phone’s software and security settings
• Install apps only from official app stores (Google Play Store / Apple App Store)
• Use mobile security or antivirus apps when possible
• Block and report suspicious numbers to your telecom provider
• Be cautious when posting your phone number publicly on social media

REMEMBER:
Legitimate organizations will NEVER ask for sensitive information through text messages. If something feels off, trust your instincts, ignore, delete, and verify through official channels. Staying alert is your best defense in today’s digital world.

Signal Regiment Battalion Commanders’ Leadership Forum: Integrating Leadership and Cyber Dominance

On 07 April 2026, the Battalion Commanders’ Leadership Forum of the Signal Regiment, Philippine Army, served as a vital platform for strengthening leadership, collaboration, and operational readiness in an increasingly complex digital battlespace. The event gathered battalion commanders and key leaders with the shared objective of enhancing strategic awareness and fostering unity of effort in addressing evolving cyber and information domain challenges. It reinforced the importance of leadership alignment in ensuring operational units remain responsive and resilient amid rapidly evolving technological threats.

During the forum, BGEN JOEY T FONTIVEROS PA of Cyber Command, AFP delivered a comprehensive lecture highlighting the critical role of Cyber Command in modern warfare. Aligned with the principle of “Dominating Emerging Cyber Threats Through Unified and Integrated Operations Across the AFP,” his discussion emphasized the necessity of synchronized efforts across all units. He underscored that signal officers are no longer just enablers—they are critical operators in ensuring command and control, information security, and cyber defense in joint operations. He further emphasized that cyber capabilities are no longer supplementary but are now central to achieving mission success in both peacetime and conflict scenarios.

Drawing from lessons observed in global conflicts, he outlined several key realities shaping today’s operational environment: cyber precedes kinetic war, civilian infrastructure is a target, information warfare is decisive, and attribution is difficult. These insights reinforced the urgency for commanders to integrate cyber awareness into their planning and decision-making processes.

The symposium was further enriched by other distinguished resource speakers who contributed diverse perspectives on the digital and cyberspace domain. Their collective insights provided a broader understanding of emerging threats, evolving strategies, and the need for adaptive leadership in a technologically driven battlespace. Overall, the forum highlighted the commitment of the Signal Regiment to continuously develop its leaders and capabilities in addressing the demands of modern and future warfare.

CYBER ALERT | Unmasking the Red Menshen Malware Threat

What is Red Menshen Malware?

Red Menshen is a sophisticated and stealthy type of malware that targets network infrastructure such as routers and firewalls. It is designed to quietly infiltrate systems, maintain long-term access, and allow cybercriminals to monitor, control, or manipulate network traffic without being easily detected. This makes it especially dangerous for organizations and even home networks, as attackers can use it for cyber espionage, data theft, and launching further attacks.

⚠️ Red Flags to Watch For:
• Unusual or unexplained network activity
• Sudden slowdowns in internet performance
• Unauthorized changes in router or firewall settings
• Unknown devices connected to your network
• Frequent system crashes or irregular behavior

How to Protect Yourself:
• Regularly update your router and firewall firmware
• Use strong, unique passwords for all network devices
• Disable remote management if not needed
• Install reliable security software and enable firewalls
• Monitor your network activity consistently

Practical Tips:
• Change default login credentials immediately
• Use a secure and encrypted Wi-Fi connection (WPA3 if available)
• Perform regular system and security audits
• Be cautious when clicking suspicious links or downloading unknown files
• Educate family members or employees about cyber threats

Reminder:
Cyber threats like Red Menshen are designed to stay hidden—your best defense is awareness and proactive security. Don’t wait for a breach before taking action. Secure your network today and protect your digital life!