The main website of Pakistan’s Export Development Fund (EDF), an autonomous agency under the Ministry of Commerce, was compromised in what seems to be the second-largest security breach that any Pakistani institution has encountered in over a year.
According to exclusive material gathered by a major news site, the over 4GB data dump included files, hexed passwords, email records, email history, and other crucial information.
The hack illustrates how the attacker gained easy access to the EDF’s mainframe and extracted official documents from a variety of categories.
According to the evaluation, the website’s security was insufficient, allowing for intrusion.
According to raw data snapshots, the hacker is most likely foreign-born and is eager to sell the stolen information for $400 or the equivalent in Bitcoin via his Telegram channel.
According to our channel checks, the EDF website was restored a few hours after the attack; however, the site subsequently began naming former Prime Minister Imran Khan and former Commerce Advisor Abdul Razak Dawood as prominent figures.
The ministry modified its website once more in response to correspondence from regional media.
The Secretary of Commerce, Saleh Farooqi, said in a statement that the EDF website had been hacked and subjected to a brute-force attack. He stated that the server, which had been restored and was now fully operational, was installed at COMSATS and was managed by Adamson/COMSATS.
According to the secretary, the email server has also been enabled and is now secure. He went on to note that emails generally contain project information as well as ordinary contact between officials and relevant parties.
He added that these are internal conversations that don’t appear to affect the Fund’s operations.
He also said that the service provider and EDF are in direct touch, that procedures have already been adjusted, and that extra security measures are in place.
“Hacking is a serious problem; however, EDF does not manage our sensitive information.” However, Saleh said, “Our own fact-finding team will be there.”
When commenting on the data breach, intelligence analyst Zaki Khalid, who is stationed in Rawalpindi, said it is just another tragic example of how casually cyber security compliance is regarded.
“Even if subsequent administrations have made suggestions on occasion, there are still implementation gaps. Internal monitoring is clearly weak,” he said.
These hacking incidents have lately made news in Pakistan, with the first serious attack taking place during the previous government.
The official emails of senior Ministry of Finance staff were reportedly compromised in a cyber-security incident in December 2021. As a result, official correspondence holding confidential information concerning the IMF, FATF, CPEC, and other government organizations was hacked.
Consequences and Next Steps
Regardless of the sensitive material exposed, it is distressing to understand that once the system was infiltrated, any trade-related cooperation with foreign agencies and embassies lost all credibility.
When investors begin confidential contact with the Pakistani government, they create a level of confidence.
It may take a long time to regain confidence as a result of the country’s failure to protect the integrity of its records/sensitive content on the internet.
It is commonly assumed that these hackers provide economic intelligence to Pakistan’s opponents by attacking and breaking into Pakistan’s online data.
In this case, another country might easily sever Pakistan’s trade ties with other countries. They only need to buy off the hackers and enforce their own rules to make life difficult for Pakistan.
Despite these events, the recommendations of the National Telecommunications and Information Security Board (NTISB) are not being completely implemented, and this has to be addressed immediately. Institutions must prioritize national security across all online channels in order to manage, safeguard, and decrease network vulnerabilities.
This is an essential necessity, and these difficulties must be addressed immediately.
The NCP 2021 must be implemented in order to safeguard the Pakistani government’s IT infrastructure, which would necessitate significant investment and organizational transformation.