Official emails of senior officers of the Ministry of Finance have allegedly been compromised in a cyber security breach.

As a result, official communication containing sensitive data related to the Ministry of Finance on the International Monetary Fund (IMF), Financial Action Task Force (FATF), China Pakistan Economic Corridor (CPEC), and other government departments have apparently been compromised.

The hacker has also shared a video teaser of the breached emails, the email addresses and the subjects. Judging by their past record, the contents of the compromised emails would be shared with anti-Pakistan elements with the aim to sabotage the country’s national security.

ProPakistani has not only obtained the video but also gained access to the file shared by the group. The file contains a preview of contents mentioning their senders, receivers, and subjects of 2500+ emails that were used for official communication with the Asian Development Bank (ADB), World Bank, Fitch Ratings, Credit Suisse, and hundreds of other national and international financial institutions.

When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, initially refused to comment regarding the breach but later blatantly denied that no official emails have been compromised and claimed that official communication is in safe hands.

According to Rawalpindi-based strategic analyst Zaki Khalid, “The hacker is a known cyber mercenary and has routinely breached sensitive data held in official systems. This latest incident was announced by the malign actor in a Telegram group”.

The hacker claims that the targeted email account belongs to a Joint Secretary in the federal government of Pakistan. Zaki believes this claim needs to be independently verified through a detailed technical audit of systems and networks in the federal government, particularly Finance Ministry.

Notably, the National Telecommunication and Information Security Board (NTISB) already issues circulars/notifications in this regard to government officials to update their antivirus software and other security protocols.

It should be mentioned here that the majority of ministry officials use their personal emails to communicate, which also means that perhaps the aforesaid security breach isn’t that of an official email ID but of a personal one.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated at top priority. The guidelines of the NTISB aren’t being strictly implemented, and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.

Earlier this year, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Moreover, data is an important resource in the era of 5th generation warfare and it falling into the hands of anti-state elements could jeopardize national security and sovereignty.