Cyber Incident Victim: Government of Pakistan
Date: Jul 2015
Location: Pakistan
Summary
The official website of Pakistan's president and 72 other government sites were compromised by Bangladeshi hackers from the Blacksmith Hacker’s team in retaliation against prior cyberattacks by Pakistani hackers. The attackers breached a government proxy server managing multiple websites, enabling widespread defacement featuring a message and evidence of previous Pakistani hacks. The incident disrupted the president’s site for over two days, reflecting an ongoing cyber conflict between the two nations, with many affected sites remaining unrecovered at the time of reporting.
Description
On July 19, 2015, the official website of Pakistan’s President Mamnoon Hussain was compromised by Bangladeshi hackers operating under the name "Blacksmith Hacker’s team," with an individual using the alias "Dark Shadow" claiming responsibility. The attack was part of an ongoing cyber conflict between Bangladeshi and Pakistani hacker groups, escalating after Pakistani hackers defaced Bangladeshi government websites on July 15. The Bangladeshi group targeted a primary proxy server used by the Pakistani government to manage multiple official websites, gaining administrative access that enabled them to deface 73 Pakistani government domains, including the president’s site. The hackers replaced the content with a defacement page displaying a retaliatory message and a screenshot of the Pakistani hackers’ Facebook post boasting about their prior attack on Bangladeshi sites. Evidence of the compromise, including mirror links, was publicly shared on Pastebin and Zone-H, with the president’s website remaining inaccessible for over two days post-attack.

The incident caused significant operational disruption, as numerous high-profile Pakistani government websites displayed the defacement message for an extended period, undermining public trust and exposing systemic vulnerabilities. The attackers emphasized their intrusion’s severity by highlighting control over critical infrastructure—the central proxy server—which amplified the attack’s reach beyond a single website. By the time media reported the breach, some affected sites had been restored, but most remained compromised, indicating delays in containment efforts. Historical context revealed that the same hacker had previously targeted both Pakistani and Bangladeshi government sites, suggesting persistent tensions. The prolonged downtime of the president’s website underscored the attack’s technical impact, while the public nature of the defacement and retaliatory messaging intensified diplomatic friction between the two nations. No formal statements from Pakistani authorities regarding remediation timelines or security overhauls were documented in the available source material.
