› #CyberSecurity

Blog Archives

Latest Posts

Monthly

All Posts in #CyberSecurity

July 31, 2025 - Comments Off on Courier Scam exploiting Digital Platforms busted by Lahore Police

Courier Scam exploiting Digital Platforms busted by Lahore Police

Lahore Police, with the assistance of InDrive, successfully busted an elaborate scam operation which was using data from ride-sharing platforms to target and defraud customers. The gang’s ring-leader used prior access to driver records and manipulated courier verification requirements to swindle unsuspecting customers from their possessions.. Materials worth hundreds of thousands of rupees, including electronics and clothing items were reportedly recovered in this crackdown.

May 9, 2025 - Comments Off on Pakistan’s Economic Affairs Division X Account Hacked Amid Rising Tensions

Pakistan’s Economic Affairs Division X Account Hacked Amid Rising Tensions

Pakistan's Ministry of Economic Affairs reported that its official X (formerly Twitter) account was compromised on Friday, following the appearance of a post appealing to international partners for additional loans amid escalating tensions with India. Source: ssb crack

The unauthorized post stated: "Govt of Pakistan appeals to International Partners for more loans after heavy losses inflicted by the enemy. Amid escalating war and stocks crash, we urge international partners to help de-escalate." Source: Profit Pakistan

In response, the Ministry clarified that the message was not officially sanctioned and that efforts were underway to regain control of the account. The Ministry of Information and Broadcasting's fact-checking wing labeled the post as "fake," asserting that the account had been hacked. Source: Express Tribune

This incident occurs amidst heightened geopolitical tensions following India's recent military operations, including "Operation Sindoor," targeting alleged terrorist infrastructures in Pakistan. The situation has led to increased cyber activities, with both nations accusing each other of digital intrusions. Source: Times of India

May 7, 2025 - Comments Off on Pakistan Issues Cybersecurity Advisory Amid Escalating India Tensions

Pakistan Issues Cybersecurity Advisory Amid Escalating India Tensions

As tensions with India intensify, Pakistan’s National Cyber Emergency Response Team (CERT) has issued a cybersecurity advisory warning of a surge in cyberattacks and misinformation campaigns targeting national infrastructure.

The advisory highlights that hostile actors are exploiting the regional conflict to spread disinformation, phishing attempts, and fake news via social media and messaging platforms to destabilize public perception.

“Hostile elements are trying to sow chaos and exploit uncertainty,” the advisory noted, urging citizens not to share unverified updates, especially via WhatsApp or X.

CERT called for extreme caution when clicking on suspicious links or engaging with questionable content, emphasizing the need to rely solely on trusted, official sources.

The advisory follows India’s recent airstrikes on Pakistani cities and the Pakistan military’s retaliation, which reportedly downed five Indian jets. Government officials have warned of continued digital warfare alongside conventional military escalations.

CERT has recently requested citizens to join its WhatsApp channel to stay updated on comprehensive cybersecurity updates including verified threats, official advisories, disinformation alerts, best practices, and emergency responses. The channel can be joined via this link: https://whatsapp.com/channel/0029VaN7FrQHVvTcbX9KmI26

Source: https://www.samaa.tv/2087333043-cert-warns-pakistan-of-growing-cyber-attacks-amid-india-tensions#google_vignette

April 29, 2025 - Comments Off on NCERT warns against sharing sensitive military content amid rising tensions

NCERT warns against sharing sensitive military content amid rising tensions

Amid growing India-Pakistan tensions, India’s National Cyber Emergency Response Team (NCERT) has issued a stern advisory warning media personnel and content creators against posting sensitive national security information online.

The advisory highlights a surge in the circulation of videos, images, and commentary disclosing troop movements and military deployments. NCERT warned that such disclosures, whether intentional or accidental, could endanger national security and aid adversaries in planning hostile actions. It further cautioned that sharing mapping coordinates, terrain analysis, or logistical details could assist hostile actors in gathering open-source intelligence, refining targeting strategies, and planning ambushes. The agency also flagged the spread of deepfake content and false narratives, noting their potential to trigger civil unrest or public panic. Media professionals and social media users were urged to refrain from amplifying unverified military-related content and to report disinformation.

A separate NCERT alert issued a day earlier warned of possible state-sponsored cyberattacks targeting Pakistan’s critical infrastructure, media, and government entities.

March 6, 2025 - Comments Off on Government Cybersecurity Team warns against new phishing, malware campaign

Government Cybersecurity Team warns against new phishing, malware campaign

https://www.techjuice.pk/ncert-warns-of-lumma-stealer-malware-spread-through-fake-captcha-pdfs/

https://www.samaa.tv/2087329922-advisory-issued-for-organisations-to-protect-against-deceptive-pdfs-and-malicious-websites

The National Computer Emergency Response Team (NCERT), The Pakistan government’s national cybersecurity agency issued a large-scale warning concerning the presence of a new phishing campaign that has targeted tech, financial services and manufacturing in North America, Asia and parts of Europe. According to TechJuice, the phishing campaign employs and spreads Lumma Stealer malware via “fake CAPTCHA images embedded in PDF files.” Further to this, according to TechJuice,

“Cybercriminals are leveraging search engine manipulation to distribute malicious PDFs that redirect users to deceptive websites. These sites either capture sensitive financial information or deploy Lumma Stealer malware through PowerShell scripts using MSHTA commands. The PDFs, hosted on platforms such as PDFCOFFEE, PDF4PRO, and Internet Archive, appear legitimate in search results, increasing the risk of users falling victim to the scam.

Lumma Stealer, a Malware-as-a-Service (MaaS) tool, is capable of extracting login credentials, browser cookies, and cryptocurrency wallet information. Additionally, it installs GhostSocks, a proxy malware that exploits victims’ internet connections. Stolen data is reportedly being sold on underground forums like Leaky[.]pro. Malicious domains linked to this campaign include pdf-freefiles[.]com, webflow-docs[.]info, secure-pdfread[.]site, and docsviewing[.]net.”

February 11, 2025 - Comments Off on Govt’s Ignite National Tech Fund website hacked, quickly restored.

Govt’s Ignite National Tech Fund website hacked, quickly restored.

The website of the Ignite National Tech Fund, a government-backed startup incubator, was hacked on Monday evening, raising serious concerns about the government and the security of its websites and other platforms. The hacking of the website resulted in the website being inaccessible – or accessible with great difficulty – for several hours, with animated cartoons being used to break into the website. Ignite officials claimed that not only had the website been restored, however, but that security measures had been fortified in response.

What Ignite and other government officials were not able to publicly discuss, however, were the identity of the parties responsible for the hack, or what weaknesses in the system had been exploited. Whether this was due to an in-depth investigation yet to be undertaken, or other reasons pertaining to security, has yet to be seen.

January 27, 2025 - Comments Off on NTISB warns users to avoid 16 malicious VPN and AI browser extensions

NTISB warns users to avoid 16 malicious VPN and AI browser extensions

The National Telecom and Information Technology Security Board (NITSB) highlighted 16 potentially malicious browser extensions for users to avoid.

According to the NITSB, the extensions identified, which include VPN and AI extensions, contain potential threats of hacking and data breaches. The list of extensions identified includes AI Assistant — ChatGPT and Gemini for Chrome, Bard AI Chat Extension, GPT 4 Summary with OpenAI, Search CoPilot AI Assistant for Chrome, Wayin AI, VPNCity, Internxt VPN, Vidniz Flex Video Recorder, VidHelper Video Downloader, Bookmark Favicon Changer, UVoice, Reader Mode, Parrot Talks, Primus, Trackker — Online Keylogger Tool, AI Shop Buddy, and Rewards Search Automation.

These extensions were among the targets of a large-scale data and credential theft attack by hackers last month. The advisory by NITSB urged users to avoid these extensions, only use trusted and extensively-reviewed extensions, and to read permissions carefully before granting them.

The use of VPNs has skyrocketed in Pakistan since the X ban last February, which is a reason for the surge in demand for VPN browser extensions as well.