
Cyber Incident Victim: Ministry of Aviation

Date:

Mar 2023

Location:

Pakistan

Summary

The official website of Pakistan's Supreme Court was compromised by an unknown threat actor who defaced it with a promotional message. The site was restored by government IT specialists after a short period of disruption. The full scope of the incident, including whether any data was exfiltrated from the judicial website, remains unclear.

CIA Posture: Available to members
Motives: 3 motives
Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On the morning of 2023-03-28, the official website of the Supreme Court of Pakistan was compromised in a cyber attack. Attackers of unknown origin successfully took control of the web property. The primary malicious action observed was the defacement of the site's content. The attackers replaced the legitimate content with a message that read “our spring sale has started”. This action rendered the website's normal function unavailable to its users and replaced it with the attacker's chosen communication.


The incident was detected and became publicly known almost immediately as the defacement was visible to any visitor of the website. The compromised state of the Supreme Court's website quickly became a topic of significant discussion on social media platforms. Numerous users posted and shared screenshots of the hacked website, amplifying the visibility of the attack and its embarrassing nature for the institution. The widespread sharing on social media served as a primary vector for the public dissemination of information regarding the breach.

In response to the attack, IT specialists working for the Pakistani government were mobilized to address the compromise. Their efforts focused on containment and eradication, specifically on regaining control of the website from the attackers and restoring its original, legitimate content. The response team was able to successfully restore the website after a short period of disruption. The exact duration of the outage was not specified, but the recovery was completed on the same day as the attack.

Following the restoration of the website, a COVID-19-related advisory was posted on the site. This advisory stated that only concerned people should visit the court. This post-restoration activity was noted as unusual given the context, as there were reportedly barely any active COVID-19 cases left in Islamabad at that point in time. It is unclear if this advisory was a pre-scheduled update that was pushed live after the restoration or a new posting made by the administrators.

The full scope and impact of the incident remain partially unclear. The article explicitly states that it is unknown whether any data was exfiltrated or stolen from the website during the period of compromise. The confirmed consequences are therefore limited to the availability and integrity issues caused by the defacement itself. The attack caused a temporary disruption to the online presence and services of Pakistan's highest court, an institution of significant national importance.

This incident was not an isolated event in the Pakistani cyber landscape at the time. Earlier in the same month of March 2023, the online shopping website Naheed.pk suffered a significant data breach. In that separate incident, hackers breached the site and subsequently shared the stolen data on the dark web. The hackers claimed to have stolen approximately 23,000 user records and 108 order details. The compromised information was described as highly sensitive, including user IDs, email addresses, names, physical addresses, payment details, and phone numbers.

An official comment from Naheed provided insight into the root cause of their breach. The company revealed that the intrusion occurred after a developer’s laptop was compromised through a phishing attack. This initial access allowed the attackers to subsequently gain hold of what the company described as “non-critical test data” located on one of their staging servers. This detail highlights a different attack vector and impact compared to the Supreme Court website incident, which was a defacement with no confirmed data theft.

The two events together illustrate a period of heightened cyber threat activity targeting high-profile Pakistani websites in March 2023, albeit with differing methods and outcomes. The Supreme Court incident concluded with the restoration of service by government IT personnel, with the primary impact being a temporary loss of availability and a public defacement.

Sources
1 source