Global cybersecurity firm Kaspersky has revealed startling new data showing that Pakistan endured over 5.3 million on-device cyberattacks in just the first nine months of 2025. The findings were shared at a media briefing held after the CTI Summit 2025 in Islamabad, where experts highlighted a dramatic rise in malware infections, ransomware incidents, and advanced targeted attacks affecting both individuals and major organizations.
According to Kaspersky, cybercriminals operating in the region have adopted increasingly sophisticated tactics, making Pakistan’s digital ecosystem more vulnerable than ever. The company stressed that both users and organizations must urgently strengthen cybersecurity practices to counter these escalating threats.
Millions Hit by Malware, Phishing, and Exploits
Kaspersky reported that 27% of Pakistani users and 24% of corporate entities encountered malware between January and September 2025 through infected USB devices, CDs, DVDs, and concealed installers. The malicious programs detected included ransomware, worms, trojans, spyware, backdoors, and password-stealing tools.
During the same period, more than 2.5 million web-based attacks were blocked. Approximately 16% of users and 13% of organizations faced phishing attempts, botnet activity, RDP intrusions, exploit attacks, and fake Wi-Fi networks designed to steal sensitive credentials.
A deeper threat analysis revealed the following blocked attacks:
- 354,000 exploit attempts
- 166,000 cases of banking malware
- 126,000 spyware detections
- 113,000 backdoor attacks
- 107,000 password-stealing programs
- 42,000 ransomware incidents
Kaspersky noted that ransomware attackers increasingly focus on high-value, high-impact victims, opting for targeted campaigns rather than mass distribution.
The firm also highlighted Pakistan’s ongoing exposure to security flaws in outdated systems and software. Vulnerabilities found in 7-Zip, older versions of Microsoft Office, HTML, WinRAR, VLC Player, and Notepad++ were frequently exploited by attackers. Kaspersky urged users to install timely updates, enable strong authentication, limit remote access, and deploy EDR/XDR solutions to shrink the attack surface.
APT Groups Intensify Targeted Attacks on Key Pakistani Sectors
Kaspersky further disclosed that Pakistan remains a priority target for seven major Advanced Persistent Threat (APT) groups. These groups routinely attack telecom companies, financial institutions, government bodies, critical infrastructure, and emerging commercial markets.
One such active threat in 2025 involves the APT group Mysterious Elephant, known for stealing sensitive documents, images, archived data, and even WhatsApp information. The group employs spear-phishing, malicious documents, exploit kits, and post-intrusion privilege escalation to infiltrate systems and exfiltrate confidential data.
Kaspersky concluded its briefing with a strong warning: Pakistan’s cyberthreat landscape is evolving at a rapid pace, and urgent action is required. The company advised individuals to follow strict cyber hygiene, keep all devices updated, and secure data with trusted security solutions. For organizations, Kaspersky recommended comprehensive infrastructure assessments, deployment of modern security frameworks, access to reliable threat intelligence, and continuous employee training to combat rising digital threats effectively.

