A Pakistani government entity was hit by a ransomware attack last week that encrypted its data, forcing officials to restore information from backup systems, PKCERT Director General Dr Haider Abbas said on Wednesday.
Speaking at the Fortinet Security Day Karachi 2026 conference, themed “Securing the AI Journey,” Abbas said the incident brought the total number of cyberattacks recorded in Pakistan this year to 253.
The PKCERT Director General did not disclose the name of the affected entity.
Abbas said Pakistan recorded 927 cyberattacks in 2024 and 2025 combined, targeting critical infrastructure across government and private sector organisations. He said all these incidents were successfully detected and countered.
Following the latest breach, all public and private sector organisations have been given a six-month deadline to establish fully operational cybersecurity operation centres (SOCs) to continuously monitor threats, Abbas said.
He said the national Computer Emergency Response Team (CERT) is responsible for preventing, detecting and responding to cyberattacks at the national level, and collaborates with CERTs of friendly countries to share threat intelligence.
Abbas said sector regulators, including the Pakistan Telecommunication Authority (PTA) and telecom operators, the State Bank of Pakistan (SBP) and banks, the Securities and Exchange Commission of Pakistan (SECP), the National Electric Power Regulatory Authority (NEPRA), the Oil and Gas Regulatory Authority (OGRA), the Higher Education Commission (HEC), and the Civil Aviation Authority of Pakistan (CAA), are being designated as sectoral CERTs and are in the process of deploying them within their organisations.
A federal government CERT will be established next under the national CERT, he added.
Abbas said the government has also developed the Pakistan Information Security Framework 2026 (PISF 2026), which includes compliance and auditing controls. The framework is under review by the Cabinet and has been presented to parliament for approval as the country’s first cybersecurity standard.
Last month, the online billing system of the Capital Development Authority (CDA) was hit by a ransomware attack that disrupted revenue collection and affected thousands of residents in Islamabad.
The hackers reportedly accessed sensitive billing data, demanded a Bitcoin ransom, and threatened to leak the stolen information on the dark web.
In response, the Interior Ministry formed a technical committee to investigate the breach and identify vulnerabilities in the digital infrastructure of the authority. The cyberattack also disrupted online bill payments, prompting the CDA to extend the deadline for water and conservancy charges until July 31.
Officials have assured the public that payments made before the attack remain secure, while technical teams continue working to restore the system.
