Cyber Incident Victim: Islamic Republic of Pakistan
Date:
Mar 2023
Location:
Pakistan
Summary
The Supreme Court website was defaced with a message about a spring sale before being restored by government IT staff, while it remains unclear whether any data was taken. Separately, the online retailer Naheed suffered a breach after a developer's laptop was compromised via phishing, resulting in the exposure of user records and order details that were later posted on the dark web.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, March 28, 2023, the official website of the Supreme Court of Pakistan was taken over by attackers of unknown origin in the morning hours. The intruders replaced the site’s content with a message that read “our spring sale has started”. Screenshots of the altered page quickly circulated on social media platforms. Government‑employed IT specialists intervened and succeeded in restoring the website after a short period of disruption.

After the site was brought back online, a COVID‑19‑related advisory was posted, advising that only concerned individuals should visit the court despite the low number of active cases in Islamabad at that time. The article notes that it remains unclear whether any data was exfiltrated from the Supreme Court site or how long the outage lasted before recovery. The incident is described as not being the first notable cyber attack on a Pakistani online service, with a separate breach affecting the Naheed shopping website earlier in March 2023.
According to the report, the Naheed breach resulted in the alleged theft of up to 23,000 user records and 108 order details, including identifiers, email addresses, names, addresses, payment information and phone numbers, which were subsequently shared on the dark web. Naheed told investigators that the compromise began when a developer’s laptop was infected via a phishing email, granting the attackers access to non‑critical test data on one of their staging servers. The Supreme Court incident was resolved by the government IT team’s restoration efforts, after which the website resumed normal operation.
