November 15, 2025
ISLAMABAD: A global cybersecurity firm has identified seven advanced persistent threat (APT) groups targeting Pakistan’s government, intelligence agencies, oil and gas industry, and corporate sector in a bid to steal sensitive information, The News reported on Saturday.
It said there are around one million such attacks every month, meaning Pakistan faces cyberattacks on a per-minute basis. The attempts seek to extract vital data from devices such as computers, laptops and mobile phones, and in some cases via insecure Wi-Fi networks.
According to the data, more than 5.3 million on-device attacks were detected in Pakistan in the first nine months (January to September) of the current calendar year, compared to 2.5 million web threats over the same period.
The data is stolen and then placed on the Dark Web for various reasons. The banking and financial sector, including insurance companies, also faced such attacks, but they were reluctant to share details.
During a media briefing session here on Friday, Dmitry Berezin, Kaspersky’s Global Security Expert, focused on pressing cyberthreats facing the country, including exploits, ransomware, and advanced targeted attacks. “Understanding the growing and increasingly sophisticated cyberthreat landscape is crucial for organisations, while individuals should also stay aware and follow fundamental cyber hygiene principles,” Kaspersky advised.
According to the Kaspersky data, among over 5.3 million on-device attacks from January to September, 27 per cent of all users and 24 per cent of corporate entities faced malware delivered via infected USB drives, CDs, DVDs, and hidden installers, including ransomware, worms, backdoors, trojans, password stealers, and spyware.
In the same period, over 2.5 million web attacks were blocked by Kaspersky solutions: 16 per cent of all users and 13 per cent of corporate entities faced web-based threats, which included phishing scams, exploits, botnets, Remote Desktop Protocol attacks, and network spoofing, such as fake Wi-Fi networks.
More detailed statistics by malware type showed over 354,000 exploitation attempts stopped by Kaspersky solutions, 166,000 banking malware detections, 126,000 spyware attacks prevented, and 113,000 backdoors and 107,000 password stealers blocked. Ransomware attacks, which are not characterised by mass distribution but are targeted at specific victims, were detected 42,000 times.
Top exploited vulnerabilities in Pakistan included two from 2025 in 7-Zip and several from previous years in Microsoft Office, HTML, WinRAR, VLC player and Notepad++. This underscores the importance of timely updates by both individuals and organisations.
Furthermore, ransomware remains a leading cause of corporate cyber incidents globally and in Pakistan, with targeted groups selecting high-value victims across governments and enterprises. Effective defence requires a combination of prevention and response actions.
These include adopting rigorous patching, strong authentication, restricted remote access, deployment of endpoint detection and response (EDR) and extended detection and response (XDR) solutions such as those from the Kaspersky Next product line, regular backups, and continuous user awareness to mitigate phishing-driven initial access.
Kaspersky shared that Pakistan is a focus for seven advanced persistent threat (APT) groups. Both established and emerging groups target telecoms and financial services, critical infrastructure, defence, and government entities, while also extending their reach into commercial and emerging industries.
APT groups quickly adapt their tactics, techniques, and procedures. One example of a significant shift in tactics is a recent targeted campaign, monitored by Kaspersky, by the APT group called “Mysterious Elephant”, which primarily targets organisations across the Asia-Pacific region, including Pakistan.
It aims to steal highly sensitive information, including documents, images, and archived files, with WhatsApp data targeted for exfiltration. In their 2025 campaign, the attackers use a combination of exploit kits, personalised spear-phishing emails, and malicious documents, tailoring each attack to specific victims to gain initial access. Once inside the network, the threat actor employs a variety of tools and techniques to escalate privileges, move laterally, and exfiltrate sensitive data.
“Some threats are distributed widely, while others are highly focused. For example, exploitation of 0-day vulnerabilities is a tactic that is used by sophisticated cybercriminals in attacks such as ransomware and advanced persistent threats,” commented Dmitry Berezin, Kaspersky’s Global Security Expert. “Understanding the threat landscape becomes an operational necessity: when you know which threats are active in the region, you can fine-tune the security controls to be proactively protected against them.”
The global firm advises individuals to educate themselves and make cyber hygiene principles part of their IT routines, secure their devices with proper solutions, and regularly install updates and back up valuable data.
Defensive measures for organisations should include assessment of IT infrastructure and the use of solutions needed to secure all its elements, from endpoint protection to extended detection and response products; having threat intelligence; and developing and updating cybersecurity policies and employee training, such as that available within the Kaspersky Security Awareness Platform.