The National Computer Emergency Response Team (NCERT) has issued a warning about a cyber threat targeting government organizations in Pakistan.
According to the advisory, investigations have found that deceptive WhatsApp messages are being sent to high-level officials, falsely claiming to be from Md. Amin, Deputy Director at the Prime Minister’s Office.
The fake messages pretend to be invitations to a SIFC Committee Meeting on Power, allegedly chaired by the Prime Minister. These messages include a WinRAR file with a login password. Extracting this file activates malware that can steal sensitive information.
According to the NCERT, the attackers aim to gather confidential data from government offices and ministries. The malware allows them to access compromised systems, which can lead to serious disruptions.
NCERT recommends that government organizations should establish a verification protocol to confirm the legitimacy of messages from high-level officials. Employees should use official communication channels, such as emails and phone numbers, to verify unexpected or suspicious messages. Additionally, it is crucial to ensure all systems have updated antivirus and anti-malware software with real-time protection enabled. Regular updates to operating systems, applications, and security patches are essential to protect against known vulnerabilities.
NCERT asks organizations to keep an eye on network traffic for connections to known malicious IP addresses and set up alerts for any suspicious activity. Blocking traffic to these IP addresses is necessary to prevent potential breaches.
Employees should be advised never to open compressed files from untrusted sources, and policies should be implemented to require verification and scanning of all attachments before opening. Using file integrity monitoring tools can help detect unauthorized changes to important files.
NCERT also suggests restricting the ability to download and execute files from messaging platforms on government-issued devices. Continuous monitoring and logging of network activities can help detect and respond to unusual or unauthorized access attempts. Developing a detailed incident response plan, including procedures for isolating infected systems and conducting forensic analysis, is crucial. Employees should report any suspicious messages or activities to the internal IT department or NCERT for further investigation.
Conducting mandatory cybersecurity training sessions focused on recognizing phishing attempts and distributing a cybersecurity awareness bulletin can also help in safeguarding sensitive information.
The National CERT has urged government entities to stay alert and implement these security measures to protect against such threats. According to NCERT, proactive steps and collaboration are crucial to safeguard sensitive information and ensure the security of government systems.
