GLOBISCOPE

Pakistan’s Telecom Sector Faces Surge in AI-Driven Cyberattacks: PTA Cyber Security Report 2024–25


Globiscope

10/9/2025

Pakistan’s telecommunications industry is facing an unprecedented wave of AI-powered cyberattacks that exploit digital identities and stealth tactics, according to the Pakistan Telecommunication Authority (PTA) in its latest Cyber Security Annual Report 2024–25.

The report paints a troubling picture of the country’s cybersecurity posture, warning that adversaries are increasingly using artificial intelligence to conduct sophisticated, low-detection intrusions targeting telecom, government, and critical infrastructure networks.

Massive Spike in Cyber Threats and Incidents

Data from the National Telecom Security Operations Center (nTSOC) shows that over 10,000 high-priority security alerts were handled during the past year, leading to the escalation of around 1,500 confirmed cyber incidents. Additionally, more than 500 malicious domains and servers were taken down following coordinated response actions.

During the April–May 2025 cyber escalation, Pakistan experienced nearly 25 Distributed Denial of Service (DDoS) attacks and more than 100 dark web–linked threats, marking a sharp rise in AI-assisted phishing, credential theft, and targeted intrusions.

Shift Toward “Living-off-the-Land” Techniques

The PTA report notes that threat actors have shifted from traditional malware-based campaigns to stealthier “living-off-the-land” (LotL) tactics. These involve abusing legitimate tools, administrative privileges, and system processes to remain undetected.

Common techniques identified under the MITRE ATT&CK framework include:

Abuse of script interpreters

Credential theft and privilege escalation

Obfuscation of malicious activity

Sophisticated social engineering campaigns

Such low-footprint attacks are capable of bypassing signature-based antivirus software, highlighting the urgent need for behavior-based threat detection, advanced endpoint monitoring, and stronger identity and access management (IAM) controls across public and private networks.

National CERT Findings and Threat Landscape

The nTSOC and National CERT issued over 150 cybersecurity advisories in 2024–25, blocked 534 malicious IP addresses and domains, and identified hundreds of leaked credentials belonging to telecom and government employees on the dark web.

Targeted sectors included telecom operators, government departments, educational institutions, and law enforcement agencies. Attack types ranged from credential stuffing, ransomware, and phishing to router exploits and website defacements. Thousands of compromised user accounts and passwords were later discovered being traded on underground markets.

Involvement of APT and Hacktivist Groups

The PTA attributed a significant portion of attacks to Advanced Persistent Threat (APT) groups and politically motivated hacktivist collectives.

Key actors identified include:

Sidewinder – using localized decoy files and command-and-control networks

APT36 – deploying Android spyware and infected PDFs

APT41 – exploiting software supply chain vulnerabilities

Turla – using steganography and watering-hole attacks

R00TK1T – defacing judicial and municipal government portals

PTA’s Cybersecurity Recommendations

To counter rising threats, the PTA has recommended several measures, including:

Mandatory multi-factor authentication (MFA) across all critical systems

Adoption of zero-trust access frameworks

Automated threat intelligence sharing among telecom and government entities

Cross-sector cyber drills to improve readiness

Mandatory breach disclosure within 48–72 hours of detection

Progress and Remaining Challenges

Despite progress, the report emphasizes that Pakistan’s telecom security hygiene still needs improvement. While 88% of licensees were rated “Excellent” or “Very Good,” gaps remain in application security, data encryption, and network monitoring.

The PTA concludes that sustained investment, inter-agency coordination, and full compliance with CTDISR-2025 cybersecurity standards will be crucial to protect Pakistan’s digital ecosystem from the growing threat of AI-driven cyber warfare.
