
Pakistan is facing an escalating wave of cyberattacks, with seven advanced persistent threat (APT) groups actively targeting government agencies, intelligence services, the oil and gas sector, and corporate entities, a global cybersecurity firm has revealed. According to Kaspersky, the country experiences around one million attacks every month, equating to cyber threats on a per-minute basis.
From January to September 2025, over 5.3 million on-device attacks were detected, while more than 2.5 million web-based threats were blocked. The attacks range from malware delivered via USB drives, CDs, and hidden installers to phishing, botnets, and Remote Desktop Protocol exploits. Stolen data is often sold on the Dark Web. The banking and financial sectors, including insurance firms, were also targeted but have largely withheld information about the attacks.
Ransomware remains a significant concern, targeting high-value victims, while exploitation of software vulnerabilities in programs like 7-Zip, Microsoft Office, VLC Player, and WinRAR continues to pose risks. Kaspersky highlighted the importance of timely software updates, strong authentication, restricted remote access, endpoint detection, and regular backups as crucial defensive measures for both individuals and organisations.
One of the most active APT groups, “Mysterious Elephant,” has been conducting highly targeted campaigns across the Asia-Pacific region, including Pakistan. Their tactics include spear-phishing emails, malicious documents, and exploit kits to exfiltrate sensitive information such as documents, images, and even WhatsApp data. Once inside networks, attackers escalate privileges and move laterally to steal critical data.
Kaspersky advises individuals to adopt strict cyber hygiene, including securing devices with robust solutions, regular software updates, and data backups. Organisations are encouraged to assess their IT infrastructure, deploy extended detection and response (XDR) solutions, and maintain continuous employee training to counter the evolving cyber threat landscape.