Pakistan’s Cabinet Division issued a cybersecurity advisory warning government institutions of targeted attacks by the Indian state-sponsored hacking group PatchWork. The advisory details PatchWork’s tactics, highlighting the group’s use of spear-phishing emails, social engineering, and malicious mobile apps to steal sensitive data. Specific malware tools and techniques employed by the group are also identified.
To mitigate cyber risks, the advisory outlines a series of preventive measures for government officials and departments. It emphasizes user vigilance, urging officials to avoid suspicious links, attachments, and applications. It also encourages secure browsing habits: typing URLs directly, using HTTPS websites, and avoiding personal accounts on work systems.
Strong password practices are crucial, and the advisory stresses the importance of using complex and unique passwords for different accounts. Software updates are vital as well: the advisory recommends keeping operating systems, applications, and endpoint protection systems up to date.
Network security is paramount. The advisory suggests implementing firewalls and intrusion detection/prevention systems (IDS/IPS), and monitoring network activity for suspicious behavior. Application control is another essential defense; the advisory recommends whitelisting authorized applications and restricting user permissions.
Multi-factor authentication (MFA) adds an extra layer of security, and the advisory encourages its use for additional account protection. System hardening is also crucial, and the advisory suggests implementing security measures at the OS, BIOS, and application levels.
Finally, the advisory emphasizes the importance of user awareness training to recognize phishing attempts, and of proper system administration practices such as timely vulnerability patching and code signing verification. By following these recommendations, Pakistani government institutions can significantly bolster their cyber defenses against PatchWork and other cyber threats.




