The federal government has issued an advisory regarding Russian hackers.
According to the advisory issued by the Cabinet Division, a Russian hacker group is involved in targeting Pakistan’s military and civil setups.
Kill Net, an APT group, is targeting government institutions and the military with numerous attack vectors including DDoS attacks.
According to the advisory, the Pro-Russian APT group operates from Kremlin, Russia, and is active since January 2022. Kill Net is known for causing DDoS campaigns against the US and other Ukraine allies, and NATO countries in the backdrop of the Russia-Ukraine war. Kill Net has often targeted Pakistan’s military and civil setups.
According to the advisory, the Kill Net uses DDoS and brute force dictionary attacks as the main weapons to cause mass service disruption of vulnerable public-facing CII. In most cases, Kill Net DDoS attacks have caused short downtime for victims. However, it leads to embarrassment for nations globally.
The cabinet division has asked government institutions to adopt proactive preventive measures against DDoS and other cyber-attacks. It has advised the institutions to monitor networks at the administration level including file hashes, file locations, logins, and unsuccessful login attempts, and use reputed firewalls, IPS/IDS, and SIEM solutions.
The cabinet division has advised restricting incoming traffic and user permissions to the maximum extent and allowing internet access to specific users on a need basis and restricting data usage rights. It has asked government institutions and officials to verify software and documents before downloading via digital code-signing technique.
The cabinet division has asked the government institutions to implement MFA in mailing systems administrator controls and other critical systems. And always maintain a backup of critical data periodically.
It has advised to regularly change passwords at the administrator level as well as regularly patch and update all OS, applications, and other technical equipment.
The cabinet division has asked to ensure anti-DDOS service is provided with website domain hosting from ISP and enable firewalls including Next-Gen Firewall (NGF), Web Application Firewall (WAF), and Network-Based Firewall etc.
It has advised enabling SIEM and event logging 24/7 to detect anomalies in internet usage and traffic spikes and ensure fragmentation and multi-content delivery network and filter incoming traffic and block suspicious traffic after deep packet inspection.
The cabinet division has advised the government institutions to take other preventive measures including updating applications, hardening IT equipment, using strong passwords, and ensuring data backups. It has network administrators to block all malicious domains, URLs, and hashes of documents at the firewall/network including APT Kill Net.
