ISLAMABAD: Hackers from India and North Korea are said to be attacking Pakistan’s most valuable data including that of financial services, defence, and Ministry of Foreign Affairs (MoFA).
According to a letter sent to all the ministries and their attached departments, Pakistan’s Cyber Space remains a target of cyber offensive activities of global security giants. Cyberattacks are increasing in intricacy and magnitude of impact across all organisations which possess the most valuable data including financial services, government, education and health sectors, etc.
Threat intelligence report for the period (November 22, 2022 to January 1, 2023) is as follows: (i) analysis reveals that attack vectors have not targeted Secure ISP users; (ii) major attack vectors for targeting institutes are macro-enabled files, phishing, dropping payloads, domain phishing, Microsoft office base payloads; (iii) 35x malicious samples identified targeting critical information infrastructure including Ministry of Foreign Affairs (MoFA), Prime Minister Office (PMO), Defence Organizations, PAF, Army, banks and educational institutions;(iv) 21x suspicious domain names impersonating ministries, defence services, educational institutes and Anti-Virus service providers were identified; and (v) India and North Korea were among key initiators of targeted cyberattacks.
The suspicious file/ domain names are: (i) IBO- Lodhran.doc (target GoP-CTD);(ii) USDeptof-Statefundallocationsfor Pakistan. Dox (target GoP-CTD);(iii) Prime Minister’s visit to Turkiye.doc (target PM Office &MoFA );(iv) 4x doc file(RFQQUOTA-TION.doc s6604166915347 892625382 RFQQUOATION.doc, NEWOR-DER.doc, 59NEW_ORD-ER.doc)( GoP&Defence Services);(v) 3x impersonating domains (mofs-gov.org,mailv.mots-gov.org, mailpakbj.online (target Ministry of Finance);(vi) nbpfunds.online 184.108.40.206 (National Bank of Pakistan); and (vii) Bloggerboy.buzz 64.190. 113.97 orangeholister.buzz (target Pakistan Government and military, etc.
Copyright Business Recorder, 2023