What Happened
On February 15, 2026, the threat actor group Storm Breaker Security PH posted on their Facebook page claiming responsibility for a Distributed Denial of Service (DDoS) attack against the DepEd Division of Malabon City website (depedmalaboncity.ph).
The post included a link to a check-host.net report showing the website returning "Connection timed out" from every monitored location worldwide, including Austria, Brazil, Bulgaria, Canada, Cyprus, Czechia, Finland, France, Germany, Hong Kong, Hungary, and India. A browser screenshot confirmed the site was unreachable with an `ERR_CONNECTION_TIMED_OUT` error.
The post was signed by ~Ph.Bl4ke with special greetings to Black Bytes, Anonymous San Mateo, Pinoy Xploitsec, and xBL4z3R-Sec PH, and addressed "ALL FILIPINO HACKTIVIST."
Impact
- Complete service disruption — the DepEd Malabon City website was rendered entirely inaccessible during the attack
- No known data breach — DDoS attacks disrupt availability but typically do not involve data exfiltration
- Public-facing services affected — parents, students, and staff were unable to access division resources and announcements during the downtime
Attacker
Storm Breaker Security PH is a Philippine-based hacktivist group that targets websites of educational and government institutions. This DDoS attack occurred approximately one month before the same group claimed a website defacement of a senior high school under the same DepEd Malabon division, suggesting an ongoing campaign against Malabon City educational infrastructure.
Why This Incident Matters
- Escalation pattern — the DDoS in February was followed by a defacement of a Malabon school website in March, indicating persistent targeting of the division
- Government education services disrupted — DepEd division websites serve as critical communication channels for schools, parents, and staff
- Low barrier to entry — DDoS attacks require relatively little technical skill but can cause significant disruption to under-resourced institutions
How to Prevent This
- 1.Use a CDN or DDoS mitigation service — services like Cloudflare or AWS Shield can absorb and filter malicious traffic
- 2.Enable rate limiting — configure web servers and firewalls to limit requests per IP
- 3.Implement geographic filtering — if the site primarily serves a local audience, consider restricting or rate-limiting international traffic during attacks
- 4.Monitor uptime proactively — set up automated alerts for downtime so response teams can act quickly
- 5.Have an incident response plan — ensure IT staff know how to activate DDoS mitigation measures when an attack is detected