The official data of Pakistan’s Finance Ministry has been exposed in what appears to be the largest cyber security breach that any Pakistani institution has ever experienced.
In December 2021, a hacker from an enemy country claimed to have accessed the Finance Ministry’s official data, which was categorically denied by the ministry’s spokesperson, Muzammil Aslam.
Three months later, the hacker has exposed some of the ministry’s sensitive data. This material is sensitive and pertains to other countries, international financial organizations, national institutions, ministries, and divisions.
The hacker responsible for the intrusion published an email dataset of a Finance Ministry Grade-17 official as evidence. The dataset spans the years 2014 to 2021. It comprises vital ministry official messages.
The veracity of the sample dataset was confirmed by a blog website. According to the dataset’s contents, the recipients of the Grade-17 official’s emails include China, the United States, Saudi Arabia, and dozens of other countries.
Official correspondence relating to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese debts, and other joint ventures between the two countries are among the emails linked with China.
It also includes information on loan repayments and restructuring in the United States, as well as Saudi loans and an oil facility.
In terms of international institutions, the information includes communications with the World Bank, Moody’s, the International Monetary Fund (IMF), Fitch Ratings, S&P Global, the Asian Development Bank (ADB), Credit Suisse, and hundreds of others.
Furthermore, the information depicts communication with governmental institutions, ministries, and divisions such as the Defence Ministry, the National Highway Authority (NHA), and hundreds of other comparable bodies.
Finally, the dataset includes all of the material from the Finance Ministry’s official meeting minutes.
When contacted by a well-known blog website, Muzammil Aslam, a spokesperson for the Ministry of Finance, stated, “The hacker’s claim appears to be untrue, and nothing of the sort has come to my notice.”
Zaki Khalid, a strategic analyst stationed in Rawalpindi, commented on the data leak, “This email dataset is one of many purportedly held by the cyber mercenary. He was visibly annoyed by the Pakistani Ministry of Finance’s rebuff of his previous successful intrusion and shared a sample to defend his personal integrity. Moreover, the hacker has indicated that further unspecified sensitive datasets could be leaked in the near future.”
Update
In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.
It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”
To read our blog on “FIA detains a hacker who stole CA exam papers,” click here.