Cyber Incident Victim: Islamabad

On March 28, 2023, the official website of Pakistan’s Supreme Court experienced a cyber attack that temporarily disrupted its operations. Attackers of unidentified origin compromised the website in the morning hours, replacing its normal content with a message stating “our spring sale has started.” The defacement quickly drew public attention, with social media users disseminating screenshots of the altered site. Government IT specialists intervened promptly, restoring the website’s functionality after a brief period of disruption. Following recovery, the website displayed a COVID-19 advisory urging only essential visitors to attend the court premises, despite minimal active cases in Islamabad at the time. The attack’s duration prior to restoration and whether any data was exfiltrated remained unconfirmed. No group claimed responsibility, and the attackers’ methods were not disclosed.

This incident followed a separate breach earlier in March targeting Pakistani e-commerce platform Naheed, where hackers accessed and leaked user data on the dark web. In that case, attackers exfiltrated approximately 23,000 user records and 108 order details containing personally identifiable information and payment data. Naheed attributed the breach to a developer’s compromised laptop via phishing, emphasizing only non-critical test data from a staging server was affected. The Supreme Court website restoration demonstrated government capacity to address visible defacement swiftly, though technical investigations into both incidents yielded no public findings regarding intrusion vectors, persistent threats, or systemic vulnerabilities. The attacks collectively underscored recurring cybersecurity challenges for Pakistani digital infrastructure without establishing a confirmed operational link between them.