Cybersecurity firm warns of seven persistent threats to Pakistan

ISLAMABAD: A global cybersecurity firm has identified seven APT groups targeting Pakistan’s government, intelligence agencies, oil and gas industry, and corporate sector in a bid to steal sensitive information, The News reported on Saturday. It said there are around one million such attacks every month, meaning Pakistan faces cyberattacks on a per-minute basis. The attempts seek to extract vital data from devices such as computers, laptops and mobile phones, and in some cases via insecure Wi-Fi networks.

According to the data, more than 5.3 million on-device attacks were detected in Pakistan in the first nine months (January to September) of the current calendar year, compared to 2.5 million web threats over the same period. The data is stolen and then placed on the Dark Web for various reasons. The banking and financial sector, including insurance companies, also faced such attacks, but they were reluctant to share details.

During a media briefing session here on Friday, Dmitry Berezin, Kaspersky’s Global Security Expert, focused on pressing cyberthreats facing the country, including exploits, ransomware, and advanced targeted attacks. “Understanding the growing and increasingly sophisticated cyberthreat landscape is crucial for organisations, while individuals should also stay aware and follow fundamental cyber hygiene principles,” Kaspersky advised.

Web Desk

According to the Kaspersky data, among over 5.3 million on-device attacks from January to September, 27 per cent of all users and 24 per cent of corporate entities faced malware delivered via infected USB drives, CDs, DVDs, and hidden installers, including ransomware, worms, backdoors, trojans, password stealers, and spyware.
In the same period, over 2.5 million web attacks were blocked by Kaspersky solutions: 16 per cent of all users and 13 per cent of corporate entities faced web-based threats, which included phishing scams, exploits, botnets, Remote Desktop Protocol attacks, and network spoofing, such as fake Wi-Fi networks.
More detailed statistics by malware types showed over 354,000 exploitation attempts were stopped by Kaspersky solutions, 166,000 banking malware detected, 126,000 spyware attacks prevented, 113,000 backdoors and 107,000 password stealers blocked. Ransomware attacks, which are not characterised by mass distribution but are more targeted at specific victims, were detected 42,000 times.
Top exploited vulnerabilities in Pakistan included two from 2025 in 7-Zip and several from previous years in Microsoft Office, HTML, WinRAR, VLC player and Notepad++. This underscores the importance of timely updates by both individuals and organisations.
Furthermore, ransomware remains a leading cause of corporate cyber incidents globally and in Pakistan, with targeted groups selecting high-value victims across governments and enterprises. Effective defence requires a combination of prevention and response actions.
These include adopting rigorous patching, strong authentication, restricted remote access, deployment of endpoint detection and response (EDR) and extended detection and response (XDR) solutions such as those from the Kaspersky Next product line, regular backups, and continuous user awareness to mitigate phishing-driven initial access.

Kaspersky shared that Pakistan is a focus for seven advanced persistent threat (APT) groups. Both established and emerging groups target telecoms and financial services, critical infrastructure, defence, and government entities, while also extending their reach into commercial and emerging industries.