PTA Warns of AI-Powered Cyberattacks Targeting Pakistan’s Telecom Sector

The Pakistan Telecommunication Authority (PTA) has warned that AI-powered cyberattacks are increasingly targeting the country’s telecom networks, exposing major vulnerabilities in digital defenses. The alarming trend was detailed in the PTA’s Cyber Security Annual Report 2024–25, which revealed a surge in sophisticated, identity-driven attacks built on stealth and deception.

According to the report, the National Telecom Security Operations Center (nTSOC) processed more than 10,000 critical alerts, escalated nearly 1,500 incidents, and blocked over 500 malicious infrastructure components. During April and May 2025, nTSOC recorded around 25 Distributed Denial of Service (DDoS) attacks and over 100 dark web threats, highlighting an escalation in AI-powered cyberattacks focused on credential theft and network disruption.

The report noted that adversaries are increasingly adopting “living-off-the-land” techniques that exploit legitimate tools and user privileges instead of deploying traditional malware. Common tactics include script interpreter abuse, credential theft, obfuscation, and social engineering, allowing attackers to bypass conventional antivirus and signature-based detection systems.

PTA’s operational data paints a vast and complex threat landscape. Over 150 cybersecurity advisories were issued via the National CERT portal, 534 malicious IPs and domains were blocked, and hundreds of leaked credentials belonging to telecom and public-sector employees were found on the dark web.

Key Sectors Targeted by Cyberattacks in Pakistan

Government agencies, telecom operators, academic institutions, and law enforcement networks were among the most targeted sectors. Attackers employed credential stuffing, router exploits, phishing, ransomware, and website defacement to infiltrate systems and sell stolen data on underground markets.

The PTA identified several persistent and state-sponsored Advanced Persistent Threat (APT) groups behind many of these campaigns. Sidewinder used localized decoys and command-and-control servers, APT36 deployed Android spyware and malicious PDFs, APT41 targeted supply chain vulnerabilities, Turla used steganography and watering-hole tactics, and hacktivist group R00TK1T defaced judicial and municipal portals.

To mitigate these threats, the PTA has recommended mandatory multi-factor authentication, zero-trust frameworks, automated threat intelligence sharing, and mandatory breach reporting within 48 to 72 hours.

The report concluded that while Pakistan’s telecom sector has shown progress, with 88 percent of licensees rated “Excellent” or “Very Good,” critical weaknesses persist in encryption, application security, and network monitoring. PTA emphasized that sustained investment, stronger inter-agency coordination, and adherence to CTDISR-2025 cybersecurity standards are vital to protect Pakistan’s digital infrastructure from evolving AI-driven threats.