Cyber Incident Victim: Supreme Court of Pakistan
Date:
Mar 2023
Location:
Pakistan
Summary
The Supreme Court of Pakistan's website was taken over by attackers of unknown origin who posted a message saying “our spring sale has started” and was quickly screenshotted across social media; government IT specialists restored the site after a short disruption, after which a COVID‑19 advisory was added urging only essential visitors despite low case numbers in Islamabad. It remains unclear whether any data was exfiltrated or how long the outage lasted before recovery. Earlier, the online shopping retailer Naheed suffered a breach in which up to 23,000 user records and 108 order details were leaked, traced to a compromised developer laptop via phishing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Supreme Court of Pakistan’s official website was taken over by attackers of unknown origin in the morning. The attackers posted a message reading “our spring sale has started” on the compromised site. Social media platforms quickly filled with screenshots of the hacked website. IT specialists working for the government restored the website after a short period. It remains unclear whether any data was stolen from the site or for how long it remained disrupted before recovery.

Soon after the website recovered, a COVID-19-related advisory was posted, stating that only concerned people should visit the court. The advisory noted that there were barely any active cases left in Islamabad at that time. This incident is not the first time a notable Pakistani website has faced a cyber attack. Earlier the same month, the online shopping website Naheed was breached, and hackers claimed to have stolen up to 23,000 user records and 108 order details. The stolen Naheed data reportedly included sensitive information such as user IDs, emails, names, addresses, payment details, and phone numbers. Naheed later explained that the breach resulted from a developer’s laptop being compromised via a phishing attack, giving attackers access to non‑critical test data on a staging server. For the Supreme Court website, no confirmed data theft has been reported.
