Indian Hackers Are Targeting Pakistan’s Defense, Finance Ministry Employees

The National Cyber Emergency Response Team has issued a high-priority advisory warning government institutions about a sophisticated phishing campaign allegedly launched by the Indian-origin Advanced Persistent Threat group known as SideWinder.

According to the advisory, the campaign is specifically targeting government organizations in Pakistan and aims to steal sensitive information, compromise official credentials, and infiltrate critical systems. The group is also tracked under names such as Rattlesnake and Hardcore Nationalist.

The phishing operation reportedly targets employees in public sector organizations by impersonating trusted institutions through fake domains and malicious URLs. Counterfeit websites mimicking organizations such as the Ministry of Defence, Ministry of Finance, National Electric Power Regulatory Authority, and the National CERT itself have been identified as part of the campaign.

NCERT has urged organizations to immediately block the malicious domains across email servers, firewalls, and endpoint security systems, while also enforcing multi-factor authentication on all sensitive systems.

The advisory further recommends the deployment of Endpoint Detection and Response tools to identify suspicious processes triggered by malicious attachments, alongside resetting credentials of any users who may have interacted with suspicious links.

Officials warned that a successful breach could lead to compromised credentials, malware installation, and deeper infiltration into critical infrastructure, urging all departments to remain highly vigilant against phishing emails and fake, urgent account-related messages.

Published by
Muhammad Bilal