Unbelievable Surge in Cyber Attacks: Is Pakistan Ready for AI Threats?

Mei Lin
"Wow, this is scary! Who knew AI could be used like this?"
John McGregor
"Do you think these threats will get worse before they get better?"
Rajesh Patel
"We really need to prioritize our cybersecurity! This is a wake-up call."
Lian Chen
"I wonder how the government will respond to these threats."
Isabella Martinez
"Is anyone else just shocked that it's come to this level of sophistication?"
Samuel Okafor
"This sounds like something out of a sci-fi movie, right?"
Rajesh Patel
"I want to know more about how we can protect ourselves!"
Rajesh Patel
"Cybersecurity should be top priority for every country!"
Rajesh Singh
"Can we trust our telecom providers with our data anymore?"
Nguyen Minh
"It’s fascinating to see how cyber threats are evolving."
Jean-Pierre Dubois
"Do you think AI will be more helpful or harmful in the long run?"

2025-10-09T08:19:33Z


Pakistan's telecom cybersecurity is facing an unprecedented challenge, with a shocking increase in AI-driven cyberattacks that utilize stealth and deception, according to the latest Cyber Security Annual Report 2024-25 from the Pakistan Telecommunication Authority (PTA). Can you imagine a future where your identity can be compromised without you even realizing it?

The report paints a stark picture: the National Telecom Security Operations Center (nTSOC) managed over 10,000 critical alerts, escalated approximately 1,500 incidents, and thwarted more than 500 malicious infrastructure elements. This isn't just another tech story; it's a wake-up call about the evolving landscape of cybercrime.

During a particularly intense period from April to May 2025, nTSOC recorded around 25 Distributed Denial of Service (DDoS) attacks alongside over 100 threats sourced from the dark web. The rise of AI-assisted targeting and credential theft is alarming, as it reveals how adversaries are becoming more sophisticated.

What’s striking is the shift in tactics: rather than traditional malware, attackers are now employing “living-off-the-land” techniques, utilizing legitimate system tools to breach defenses. The report categorizes these threats under MITRE ATT&CK techniques, encompassing script interpreter abuse, credential theft, obfuscation, and social engineering. These low-footprint intrusions can easily slip past conventional antivirus systems, highlighting a pressing need for advanced, behavior-based detection and robust identity access management controls across telecom and government networks.
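To make "behavior-based detection" concrete, here is an added example (not taken from the PTA report or the original article) that scores process-creation events by what a legitimate tool is doing rather than by file signature. The field names follow Sysmon process-creation events; the interpreter and parent lists, the thresholds, the mapping to ATT&CK T1059 and T1027, and the sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Legitimate tools that living-off-the-land intrusions reuse (assumed list).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Document-handling parents that rarely need to start an interpreter.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# PowerShell encoded-command flag (-e, -ec, -enc...) followed by a base64 blob.
ENCODED_FLAG = re.compile(r"\s-(?:e|ec|enc\w*)\s+[A-Za-z0-9+/=]{16,}", re.I)
# Long unbroken base64-looking run anywhere in the command line.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

def _name(path):
    return PureWindowsPath(path).name.lower()

def score_event(ev):
    """Return (technique, reason) pairs for one process-creation event."""
    image, parent = _name(ev["Image"]), _name(ev["ParentImage"])
    findings = []
    if image not in INTERPRETERS:
        return findings
    if parent in DOCUMENT_PARENTS:  # script interpreter abuse
        findings.append(("T1059", f"{parent} spawned {image}"))
    cmd = ev["CommandLine"]
    if ENCODED_FLAG.search(cmd) or BASE64_RUN.search(cmd):  # obfuscation
        findings.append(("T1027", "encoded or base64-heavy command line"))
    return findings

def triage(events):
    """Indices and findings of events that matched at least one behaviour."""
    return [(i, f) for i, ev in enumerate(events) if (f := score_event(ev))]

# Constructed sample events; BLOB is a harmless placeholder (decodes to "AAA...").
BLOB = "QUFB" * 12
EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\nightly_backup.ps1"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden -enc " + BLOB},
    {"ParentImage": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE", "Image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "CommandLine": r"WINWORD.EXE C:\Users\Public\invoice.docx"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\EXCEL.EXE", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Users\Public\report.hta"},
]

if __name__ == "__main__":
    for idx, findings in triage(EVENTS):
        print(idx, findings)
```

Every binary in the sample is a signed system or Office tool, so a signature scan has nothing to flag; only the parent-child relationship and the shape of the command line separate the two suspicious events from the routine ones.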

Data from nTSOC showcases a vast and varied threat landscape. More than 150 formal cybersecurity advisories were issued through the National CERT portal, along with the blocking of 534 malicious IPs and domains. Alarmingly, hundreds of leaked credentials belonging to employees in telecom and public sectors have been discovered on the dark web. The sectors under siege include government agencies, telecom operators, educational institutions, and law enforcement, with attacks ranging from credential stuffing to ransomware and website defacements, all resulting in a surge of stolen credentials on underground markets.

The PTA has traced many of these assaults back to a select group of persistent, state-sponsored Advanced Persistent Threat (APT) factions. These include Sidewinder, known for its use of localized decoy documents; APT36, which weaponizes Android spyware; APT41, which exploits software supply chain vulnerabilities; Turla, which employs steganography; and hacktivist groups like R00TK1T that deface judicial and municipal portals.

Moreover, the report highlights that phishing, credential stuffing, exploitation of unpatched systems, and the misuse of remote access during sensitive periods remain the primary entry points for potential intruders.

To bolster digital defenses in Pakistan, the PTA has proposed several crucial measures: mandatory multi-factor authentication, the implementation of zero-trust access models, automated intelligence sharing, cross-sector cyber drills, and legal requirements for breach reporting within 48 to 72 hours. These steps are not just recommendations but essential actions to fight off the rising tide of cyber threats.

While the PTA concludes that the overall security posture of the telecom sector is improving—88% of licensees rated “Excellent” or “Very Good”—serious vulnerabilities still exist, particularly in areas like application security and network monitoring. The report urges continued investment, inter-agency collaboration, and the adoption of CTDISR-2025 cybersecurity controls to protect Pakistan's digital infrastructure as AI-driven threats continue to evolve.

George Bennett

Source of the news: ProPakistani