A global cybersecurity firm has identified seven advanced persistent threat (APT) groups actively targeting Pakistan’s government, intelligence agencies, oil and gas sector, and corporate entities in efforts to steal sensitive information.
According to the firm, Pakistan experiences nearly one million cyberattacks every month, equating to attacks occurring on a per-minute basis.
These attacks aim to extract critical data from computers, laptops, mobile devices, and sometimes insecure Wi-Fi networks.
From January to September 2025, over 5.3 million on-device attacks were detected in Pakistan, compared to 2.5 million web-based threats over the same period.
Stolen data is often placed on the Dark Web, while attacks on the banking and financial sector, including insurance companies, remain largely unreported.
During a media briefing, Dmitry Berezin, Kaspersky’s Global Security Expert, highlighted key threats facing Pakistan, including ransomware, exploits, and targeted attacks.
“Understanding the increasingly sophisticated cyberthreat landscape is crucial for organisations, while individuals must follow basic cyber hygiene practices,” he said.
Kaspersky’s data shows that 27% of individual users and 24% of corporate entities faced malware through infected USB drives, CDs, DVDs, and hidden installers, including ransomware, worms, backdoors, trojans, password stealers, and spyware.
Web-based threats affected 16% of individual users and 13% of corporate entities, encompassing phishing scams, exploits, botnets, Remote Desktop Protocol attacks, and network spoofing such as fake Wi-Fi networks.
Specific malware statistics include:
354,000 exploitation attempts blocked
166,000 instances of banking malware detected
126,000 spyware attacks prevented
113,000 backdoors and 107,000 password stealers blocked
42,000 targeted ransomware attacks
Top exploited vulnerabilities in Pakistan included 2025 vulnerabilities in 7-Zip, along with older issues in Microsoft Office, HTML, WinRAR, VLC Player, and Notepad++, highlighting the critical need for timely updates by both individuals and organizations.
Ransomware continues to be a major cause of corporate cyber incidents, targeting high-value victims across governments and enterprises.
Effective defense requires a combination of prevention and response measures, including patch management, strong authentication, restricted remote access, endpoint detection and response (EDR), extended detection and response (XDR), regular backups, and continuous user awareness to counter phishing attacks.
Kaspersky also reported that seven APT groups are actively focusing on Pakistan, targeting telecoms, financial services, critical infrastructure, defense, government entities, and commercial sectors. These groups rapidly adapt their tactics, techniques, and procedures.
One notable example is the “Mysterious Elephant” APT group, operating across the Asia-Pacific region, including Pakistan.
The group targets highly sensitive information such as documents, images, archived files, and even WhatsApp data.
Their 2025 campaign uses a combination of exploit kits, personalized spear-phishing emails, and malicious documents to gain access, after which they escalate privileges, move laterally, and exfiltrate data.
“Some threats are widely distributed, while others are highly targeted. Exploitation of zero-day vulnerabilities is a common tactic among sophisticated cybercriminals in ransomware and APT attacks,” Berezin noted.
“Understanding the threat landscape is operationally essential: knowing which threats are active allows organizations to fine-tune security controls and proactively protect themselves.”
The global firm advises individuals to educate themselves and make cyber hygiene principles part of their IT routines, secure their devices with proper solutions, and regularly install updates and back up valuable data.
Defensive measures for organisations should include assessing the IT infrastructure and deploying the solutions needed to secure all of its elements, from endpoint protection to extended detection and response products; maintaining threat intelligence; and developing and updating cybersecurity policies and employee training, such as that available within the Kaspersky Security Awareness Platform.