Cyber Incident Victim: Supreme Court of Pakistan
Date:
Mar 2023
Location:
Pakistan
Summary
The Supreme Court of Pakistan's official website experienced a cyber attack resulting in unauthorized defacement with a message stating "our spring sale has started," prompting widespread social media attention. Government IT specialists swiftly restored access, after which the site displayed a COVID-19 advisory limiting court visits despite minimal active cases in the region. The incident's duration and potential data compromise remain unconfirmed, marking another high-profile cybersecurity breach following a recent attack on a Pakistani e-commerce platform where hackers exfiltrated user records through a compromised developer device.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 28, 2023, the official website of Pakistan’s Supreme Court experienced a cyber attack that temporarily disrupted its operations. Attackers of unidentified origin compromised the site in the morning, replacing its normal content with a message stating, “our spring sale has started.” Screenshots of the defaced website circulated rapidly on social media platforms, drawing public attention to the breach. Government IT specialists intervened promptly and restored the website after a brief period of downtime. Following recovery, the site displayed a COVID-19 advisory urging only essential visitors to attend the court premises, despite minimal active cases in Islamabad at the time. The extent of the disruption—specifically how long the site remained offline before restoration—was not publicly confirmed. Authorities did not disclose whether the attackers exfiltrated sensitive data or gained access to internal court systems beyond the superficial defacement. This incident marked another high-profile cybersecurity breach affecting Pakistani digital infrastructure within weeks.
Earlier in March 2023, the e-commerce platform Naheed.pk suffered a separate cyber attack in which hackers claimed to have stolen approximately 23,000 user records and 108 order details. The compromised data reportedly included sensitive customer information such as user IDs, email addresses, full names, physical addresses, payment details, and phone numbers. Naheed’s management attributed the breach to a phishing attack that compromised a developer’s laptop, enabling attackers to access “non-critical test data” stored on a staging server. The stolen data was subsequently leaked on the dark web, though the company emphasized that production systems and live customer databases remained unaffected. Neither the Supreme Court nor Naheed disclosed technical specifics about the attack vectors, perpetrator identities, or long-term operational impacts. These incidents collectively underscored recurring vulnerabilities in Pakistan’s web infrastructure, though no direct link between the two breaches was established in available reports.