Analysis Summary

In the wake of the recent armed hostilities between India and Pakistan, national attention is rightfully focused on security, defense, and diplomacy. However, while kinetic conflict dominates headlines, a parallel front is also intensifying the cyber domain.

Threat Overview

Cybercriminals and state-aligned threat actors are actively exploiting the ongoing unrest to launch attacks on Pakistan’s digital infrastructure. The likelihood of cyberattacks targeting government institutions, military networks, financial entities, and critical infrastructure has significantly increased.

Since the beginning of 2025, Indian APT groups have repeatedly targeted Pakistan’s digital assets. Their activities and associated Indicators of Compromise (IOCs) have been reported as a top priority by the Rewterz Threat Intelligence Team.

Below are some key highlights:

SideWinder APT

• On 5th of May, SideWinder APT leveraged a campaign with the document named "Caution Against Propaganda and Misinformation Campaigns.docx".
• On 22nd April, they released a document with the file name "Reference A (Invitation letter for Interactive Session of PIMEC 2025).docx" along with a malicious domain "pimec-paknavy.updates-installer.store".
• Throughout 2025, SideWinder carried out multiple activities against Pakistan, targeting army and government officials with different malicious documents and domains.

Patchwork APT

• Since the first week of 2025 till now, the Indian APT group Patchwork has been actively targeting Pakistan Army and government officials by masquerading malicious documents and domains to achieve their goal of compromising Pakistan.

Moreover, several other APT groups and state-sponsored threat actors have been frequently targeting different sectors of Pakistan. Most of the attacks faced by multiple Pakistani organizations and sectors include:

• DDoS Attacks
• Web Defacement
• Data Breaches
• Ransomware Attacks
• Phishing Campaigns

Impacts

• Denial of Service
• Information Theft
• Cyber Espionage
• Website Downtime
• Reputational Damage
• Unauthorized Remote Access

Recommended Mitigation Measures

To counter these threats and ensure the safety and integrity of our digital assets, we strongly advise the following proactive measures:

• Block all threat indicators at your respective controls.
• Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
• Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
• Reinforce cybersecurity awareness among all staff members, stressing the importance of scrutinizing emails and links, using strong passwords, and applying software updates promptly.
• Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
• Enable two-factor authentication.
• Enable antivirus and anti-malware software and update signature definitions promptly. Using a multi-layered protection is necessary to secure vulnerable assets.
• Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
• Enforce Access Management Policies
• Enforce MFA across all critical systems and accounts to add an extra layer of protection against unauthorized access.
• Maintain up-to-date and regularly tested backups of critical data to facilitate quick recovery in case of a ransomware incident.
• Keep all software, operating systems, and applications up to date with the latest security patches to address known vulnerabilities.
• Review and update the organization's incident response plan, ensuring that all stakeholders are aware of their roles and responsibilities in the event of a cyber incident.
• Establish continuous network monitoring to detect and respond to any unusual activities promptly.
• Collaborate with national and international cybersecurity agencies to exchange threat intelligence and stay informed about emerging threats.
• Raise public awareness about potential cyber threats during Independence Day celebrations and encourage citizens to adopt cybersecurity best practices.

By taking these precautions, we can collectively fortify our defenses and thwart potential cyberattacks during this significant period. Please remain vigilant, report any suspicious activities immediately, and work together to safeguard our digital sovereignty and national security.

Indicators of Compromise

Domain Name

• advisory.army-govbd.info
• pimec-paknavy.updates-installer.store
• paknavy.modpak.live
• pmd-office.info
• modpak.info
• dirctt888.info
• file-dwnld.org
• defencearmy.pro
• document-viewer.info
• crontec.site
• veorey.live
• mod-kh.info
• interior-gov-pk.mail-govt.org
• pc-gov-pk.downnload.net
• www-cbsl-gov-lk.dwnlld.com
• modltr.info-lanka.org
• www-customs-gov-lk.net-co.info
• mfa-gov-lk.dwnlld.info
• pubad-gov-lk.org-co.net
• btrc-gov-bd.mail-govt.com
• mof-portal-gov-bd.downnload.org
• playst0re.com
• apps-house.com
• omai.fyicompsol.xyz
• metformina.live
• amelaits.info
• evolutiondebt.info

MD5

• b0f2f200a69db71947578fca51d4ff94
• 5c5c62404ffccd672968b900b2681ec8
• 4bee454785e8c82ff234632d8e32a5c5
• 1c0905ea4e773382847260ff61a15ae4
• 4f8466e3b0d64b4a83b35954cc518d32
• e9726519487ba9e4e5589a8a5ec2f933
• d36a67468d01c4cb789cd6794fb8bc70
• 313f9bbe6dac3edc09fe9ac081950673
• bd8043127abe3f5cfa61bd2174f54c60
• f42ba43f7328cbc9ce85b2482809ff1c
• a694ccdb82b061c26c35f612d68ed1c2
• e0bce049c71bc81afe172cd30be4d2b7
• 0216ffc6fb679bdf4ea6ee7051213c1e
• 433480f7d8642076a8b3793948da5efe
• 9cd3ba87b000737567036900f36604b1
• 274758e6c811e53be8d9153fb9ec06e4
• daeb41e297c215a13234dbda18e4793c
• 964befd24e41a128e9fffdc7b41399a8
• c45ed6344882e49bb4db9f9a8c84ebeb
• ca46bdc4d7e537f0270cf7e2ac43cfa5
• 8c97148d293fc08bfc54b2ae615491d8
• be8a7c91f036f5e59a7fccb866e45d43
• 3d12638e57870c22df143418a2adfead
• a7583a16ca65464164b1ec98630a96f3
• c60186950203e145cac4788a2f94fd89
• 3215b2e559b1f9e1936cdd5ff1caff02
• 3f5c333cb7eb9bbc5c007517ba8ac925
• 3e8aff5697a513a749869744ad0ce135
• f3680b43abf218a16e58d991e54a6eee
• 54794189acbbfaf658bc5fd40b9a38dd
• 0c23562c6208b080ac0b698215529a62
• c5ed8776b63b698697fa6b22303bda2a
• 2321a22697835ca07790bce363cc4437
• 5187008a141d777d6268769cf008437d
• 7b870fa9aa750e145e77d55a7a563d97
• eedb258ec6b47bfbeb2f2fa6f1680d77
• 8650fff81d597e1a3406baf3bb87297f
• c12ea05baf94ef6f0ea73470d70db3b2
• 394656ce896a7fca37f24f06bdf29b70
• 14c764ff0bfded4d776de644897c1d4a

SHA-256

• 57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d
• 63f5445527c47e17b71e87eef4dd7a86883607a22830bcee5b1fabc5d03bab38
• f2e8634231f39215d9f89a4a5bdbf97cced71fb7657d1e8186f30a9fe126a2f9
• 4372f0a9cbee2a7635fb818448b517a72e3a1bb1dc2b8378c92c6df789880e91
• 7de2154d3db3f141f9c81f94f7f298b8ad66eaf2a0bad713bcaa3f0400549855
• d9e373aeea5fe0c744f0de94fdd366b5b6da816209ac394cbbda1c64c03b50b1
• 865f5b3b1ee94d89ad9a9840f49a17d477cddfc3742c5ef78d77a6027ad1caa5
• fa95fadc73e5617305a6b71f77e9d255d14402650075107f2272f131d3cf7b00
• aacaf712cf67176f159657be2fbd0fce018aa03b890cb1616b146eddb1de73be
• 30735312101e60a697f161abba62ca359eed240d2e612b1ff7bed6523b28730d
• 76daea942654d8175f642696fc758b03767db14ca5dda9994797a3f95a34294a
• 512a83f1a6c404cb0ba679c7a2f3aa782bb5e17840d31a034de233f7500a6cb9
• 5740947bb9267e1be8281edc31b3fb2d57a71d2c96a47eeeaa6482c0927aa6a4
• 44ff1117bb0167f85d599236892deede636c358df3d8908582a6ce6a48070bd4
• d3fb61c0211bd379bf80f15cf072fdbc1187fe95546fdfcfcbdf8918004f05e2
• 1c3854ebc72219e7bb6c94eb6b54c70ded555e15a32ac7466a7693afb524b5c7
• f29de289f33c8c9e4a53d25443e6d949b0028b31accf9abb4a8bab4a9dcbba42
• 725ded50e7f517addd12f029aeaf9a23f2b9ce6239b98820c8a12ea5cb79dbfa
• 65c9e15d9b916b193ce1d96bb99c1c1f3ade0273270b56cf6e476a21b31a3491
• 69eee36642f274c724fadcfdf1f103ae0fd9b5f4bad7ac6a33b3c627d6114426
• 74111c9b0ed748fc6bfc025d13a2ed08663b988cb69c044f1c6f153f9020294c
• a61335c10cf98064761806af6451b3cddd66641ccb35a6d8b915a02d6279f46a
• 47d77499968244911d0179fb858578de00dbb98079e33f5ed5d229d03eb04d67
• de54f8933ff81f93652ab824e8f9e60197135e1064f0ca4ca99df833a7a94e9d
• 2aaedc573bf89ae8c348280b64704edb4dbab88ff3df031b49ceaa57af90e204
• 3007f345b557b7e98a6acc3007c2b5aaa87068d0269daab80bba8325d4ce3b3d
• 5f0d9a8f26a8ead63c0d2063abdef157138eb59def34c361cdc3a42b0ed2c17d
• 8c233e13a0bc27bce7555b9a89f63c0eadaa5c618fe7301eebd7a32e2bd79bcf
• 5c8fec883cea528edc0c0a8d7c3688ad59e0aef7b8b960ab5583f9a1f15ba8b4
• e83f568d7fdb2200174d7c10e193faf857a92b8309bb248054ec8823c39b95cd
• c75cbbb4435e0e7392db00a854c72fe48ef5811308e84707cf5bbf3798527234
• bd8b17bca9a0682a090a566a35d3338c3179c5471d7410d67bc86b96f98e94b4
• 6faccd85e9c1cbeb7d12131fd55b551e4e1d86accbe53751214600664efdd106
• 4010952725284d1c5d198f28cc35764d7621590c163bf489791f023592784a53
• 43551d7989be11d51ec7aa64538ffb642609be5d2a590f035e229c60e4bc5833
• 49e2ca78803e0a903bf898a8c8332b3e0bb4661f74057b4553e19fe76ac443fe
• c7381b43f9d098eeaed2433e6d38aaca9f4ebbd99588b1a0c855c07069f9cbac
• 8958b215f30f9d48010fb93363125dcaf265c18d3d8df04d299df8313fa6be5f
• 545f987e40a739da3b0d6611a619f2bfe0a67b8e0565efe92cc1e8f50329abf0
• ca38baff31ad6273d12ca96a11e6d4679ff0c54c0eee9a64b3e743bba6cbe4b1

SHA1

• e4bba61544f83d14f4fabf52971d5f0fa15c5935
• 4651a45599940f7fdf2f8f5ce95e95acdf8e454b
• c5e5eb2e131d01b8d45b3f64f03a9d0a0c2198a9
• f5a14709b51980fb07b48409370d65ab4d8c1323
• 6a21d9909e44d2e712f20b684601770809b243d3
• 5a12b7f4214ac1f79f2b613fb482e58701dfaaa6
• 84b4b2705018e38253796cd3f84ee68694d9b9c0
• 96cafccda39d2dd06e22b33ca37504405439c23d
• 639ccf8e2e0643b0d93db9ebf508ac0f1836cccd
• 013ead0c89431a69bbe7e7b39a1095dc4faea456
• 334f3313b03bbfeaae6fc7a0257d4fd8cb6dd751
• 9a85051a59212febf71e9d5ff29d6998ee909795
• 71daaff7ba2b92e69a5e94c0efa2f5a097bcd65c
• 81d00923f2e9e0bae7c51ffbcb66409dd9a3da05
• 86f40c7131ec6b603584c44d840343c5daf9b0e6
• 89a51f3bd3da637ee816a2faf4a8ee35fdeb38dc
• d0fcb64622ad65bd53d5b2af068390432a5f9570
• 656fa08c341a8d7b74f28a24e1efbcc4b715a886
• 3465c420ee5349532b378ac65002e87d4b87da34
• 4f4193ea2484c8d5a16282859ed0effddab7c92d
• 68c8135f03b60ef46a05687e3ce348ab208046fd
• c84087cc340afcef43f315ef84b0301b431815c8
• 30f5f6a92ad6ec26d420e8812f9343ddb93c1bf6
• 4a5cb9aaf1696647977d7f62e2fe2e96b2fbc918
• 9ffa326dc48c448d9d3fa13d384b16f0db1658c2
• 9dde3ad2604c7dc2769421ef9d113e1fc0ddc3cd
• 4fd2cb6095e6357dd1aa6e1d930ed595da8e6f4c
• 1ef9ade3cf8bbfda23e57df470e449961552645e
• 603bce9c344f8291742d92ad1b580137de66aaee
• 1e6ec96c3bed6ec728a629257150610aa4d4a286
• 2d40f82b15191fe4ce73fa47feb953c11ae0ba68
• 73129eb61234734e0704f52b0ef181e78a19a1d5
• 0418fb153a5cf02cc0182f4435b90218f18cb3e3
• 17c8792e0a8a61ec5db999b90932eccc89ee3bf4
• c1437d875b871e68aec613f8eec9792e350c1175
• 61eaeabca96173d3afd2d407adf85aa1a0de88df
• 0734fe2ec590c469c1d647b0c1109824cadf4105
• fa1321e3dcd62636bce82e840dfcacd4b11084eb
• 7aaa49c142eef468f638d2333cb359d0a8bbe226
• cc07d4f9f5557009ba431a4b537f2261aa193d0c

URL

• https://rkde.fyicompsol.xyz/jsgdevdw_3ed/hdbdewsq1_sc3
• https://kila.fyicompsol.xyz/kfdgbcws_rf4/dcsxwer32khd_esf
• http://changdu.sdic2024.org/opawqy44dsWq/lifrwq24h
• http://evolutiondebt.info/YcKOjLMxiwCZfSS/comrCVPEffFiPvF.php