Islamabad, November 15, 2025: Pakistan is facing an alarming surge in cyber intrusions, with seven advanced persistent threat (APT) groups actively targeting government institutions, intelligence agencies, critical industries, and private-sector organisations, a national English daily reported on Saturday, citing global cybersecurity firm Kaspersky.
The firm revealed that Pakistan is hit by nearly one million cyberattacks every month — translating into multiple attacks every minute — with attempts aimed at stealing sensitive information from computers, mobile phones, corporate networks, and even insecure Wi-Fi systems.
Between January and September 2025, Kaspersky detected more than 5.3 million on-device attacks across Pakistan, in addition to 2.5 million web-based threats during the same period. Much of the stolen data is believed to be trafficked on the Dark Web for financial or intelligence-gathering purposes.
The country’s banking, insurance, and broader financial sectors were also targeted, though many institutions were reluctant to publicly disclose details of such breaches.
Speaking at a media briefing in Islamabad on Friday, Dmitry Berezin, Kaspersky’s Global Security Expert, said Pakistan was facing a rapidly evolving cyberthreat landscape dominated by exploits, ransomware, and sophisticated targeted attacks.
“Understanding the growing and increasingly sophisticated cyberthreat landscape is crucial for organisations, while individuals must follow fundamental cyber hygiene practices,” Berezin said.
Kaspersky’s data showed that among the 5.3 million device-based attacks, 27% of all users and 24% of corporate entities were hit by malware infiltrated via USB drives, CDs, DVDs, or hidden installers. These included ransomware, worms, backdoors, trojans, password stealers, and spyware.
Additionally, over 2.5 million web attacks were blocked from January to September. 16% of users and 13% of businesses encountered threats such as phishing, botnets, Remote Desktop Protocol (RDP) attacks, and fake Wi-Fi networks.
Kaspersky solutions prevented:
- 354,000 exploitation attempts
- 166,000 banking malware attacks
- 126,000 spyware infections
- 113,000 backdoor attempts
- 107,000 password-stealer attacks
- 42,000 ransomware detections
While ransomware attacks were fewer in number, they were aimed at high-value targets including government departments and major enterprises.
Some of the most exploited software vulnerabilities in Pakistan included:
- Two newly identified flaws (2025) in 7-Zip
- Older vulnerabilities in Microsoft Office, WinRAR, HTML tools, VLC Player, and Notepad++
Kaspersky stressed the need for regular system updates, as outdated software continues to be an easy entry point for attackers.
Pakistan remains a key target for seven major APT groups, both well-established and emerging. These groups are actively targeting:
- Telecom and banking institutions
- Government and defence organisations
- Critical infrastructure
- Commercial and emerging industries
These actors are known for quickly adapting their tactics, techniques, and procedures.
One example cited by Kaspersky was the APT group “Mysterious Elephant”, active across the Asia-Pacific region. Their 2025 campaign targeted Pakistan among other countries, aiming to steal confidential documents, images, archived files, and even WhatsApp data.
The group used:
- Exploit kits
- Customised spear-phishing emails
- Malicious documents
Once inside a system, they moved laterally, escalated privileges, and exfiltrated highly sensitive data.
Berezin emphasised that sophisticated criminals increasingly rely on 0-day vulnerabilities and targeted intrusions: “Knowing which threats are active helps organisations fine-tune security controls and stay proactive.”
Kaspersky’s recommendations
For individuals:
- Follow strong cyber hygiene practices
- Install updates regularly
- Use reputable security tools
- Back up essential data
For organisations:
- Conduct full IT infrastructure assessments
- Implement endpoint protection and XDR/EDR systems
- Use verified threat intelligence
- Regularly update cybersecurity policies
- Train employees via programmes like the Kaspersky Security Awareness Platform





