tracking.dgip.gov[.]pk

The Directorate General of Immigration & Passports (DGIP) is a Pakistani government agency that operates an online tracking system for passport applications. This service allows applicants to monitor the status of their requests through the domain tracking.dgip.gov.pk. The system is part of Pakistan's immigration and passport issuance framework under the Ministry of Interior. By providing digital updates, it aims to improve transparency in the application process. The platform handles sensitive personal data, including identification details, making it a repository of citizen information critical to national identification. As a government service, it processes applications for Pakistani citizens seeking passports. The existence of such a tracking system reflects the administrative handling of passport operations, though specific operational metrics are not available.

In March 2019, the DGIP's passport tracking website was compromised in a sophisticated cyberattack that deployed the ScanBox reconnaissance framework against unsuspecting visitors. ScanBox is a JavaScript-based tool that executes within a victim's browser to log keystrokes and harvest system information without requiring traditional malware installation. This particular incident involved an evolved variant of ScanBox historically associated with advanced threat groups such as Stone Panda and LuckyMouse, indicating a high level of attacker capability. The malicious code was injected into the legitimate tracking site, turning it into a watering hole attack vector that targeted anyone accessing the portal. Beyond basic keylogging, the ScanBox implementation included checks for the presence of 77 different security, decompression, and virtualization products on victims' machines, suggesting the attackers aimed to evade detection and identify high-value targets. The breach enabled the covert collection of data from users interacting with the compromised platform, potentially exposing personal and administrative information submitted during passport application tracking. This incident highlighted the vulnerability of even routine government services to advanced persistent threat actors and demonstrated how compromised legitimate websites can serve as effective delivery mechanisms for reconnaissance tools. The attack on DGIP's tracking system represents a notable case of cyber espionage targeting a national immigration authority, with implications for the security of citizen data held by government portals.