AI-Powered Cyber Attacks on Pakistan’s Telecom Sector

The Pakistan Telecommunication Authority (PTA) has warned Pakistani citizens of cyber-attacks. These attacks are targeting Pakistan’s telecom sector, leaving the country’s digital defense system vulnerable. The situation is detailed in the PTA’s Annual Cybersecurity Report 2024-2025, which highlights a surge in advanced, identity-targeted threats employing evasion and deceptive tactics.

The report further describes more than 10,000 critical alerts, almost 1,500 crucial cases, and over 500 core systems being disrupted and blocked by the National Telecom Security Operations Center (NTSC). In April and May 2025, NTSC reported 25 DDoS attacks and over 100 dark web threats, which is a clear indication of AI-powered cyber-attacks focused mainly on digital theft and network disruption.

The report highlights an increase in hostile entities adopting “living-off-the-land” (LotL) techniques, leveraging legitimate software tools and user privileges rather than conventional, detectable malware. These tactics include using built-in scripts, stealing passwords, hiding their activity, and manipulating people through social engineering. This approach makes the activity undetectable by conventional antivirus programs and other traditional security systems that PTA might have employed for national security.

PTA operational data highlights a national threat: the National CERT portal issued almost 150 cybersecurity advisories, 534 malicious IPs and domains were blocked, and a large amount of private data belonging to the telecom sector was found on the dark web.

What Sectors Are Cyber-Attacks Targeting?

Reports narrow the targeted sectors. These sectors include educational institutions, telecom bases, law enforcement, and government agencies, clearly hinting at something bigger in the making. PTA further identified persistent and state-sponsored Advanced Persistent Threat (APT) teams behind these digital smearing campaigns. Hacktivist group R00TK1T hacked judicial and municipal portals, Sidewinder employed localized decoys and command-and-control servers, APT36 used malicious PDFs and Android spyware, APT41 targeted supply chain deficiencies, and Turla used steganography and watering-hole approaches.

To minimize the chances of these cyber-attacks, PTA has introduced multifactor authentication, zero trust frameworks, automated intelligence sharing, and 48–72 hours’ breach reporting. Pakistan’s telecom sector has grown over the past few years, but these cyber-attacks have made hidden weaknesses come to light, like weak encryption, network monitoring, and application security. Therefore, to overcome these weaknesses, PTA has emphasized persistent investment in digital platforms and encryption, stronger inter-agency coordination, and adherence to CTDISR 2025 standards to ensure zero compromise on national security.
