The official Export Development Fund (EDF) website of Pakistan – an independent entity under the Ministry of Commerce – was hacked. The EDF website hacking is thought of being the second biggest data breach faced by any Pakistani institution. Saleh Farooqi, the secretary of commerce, confirmed in a statement that the EDF website had been hacked and subjected to a brute-force attack.
EDF Website Hacking: Threat Actor Gained Access to Personal and Sensitive Information
As per details provided by a local news blog, the EDF website weak security which made the intrusion possible. Moreover, the threat actor has allegedly gained access to 4GB of data which contains; files, hexed passwords, email records, email history, etc. It also contains other sensitive state information, such as; confidential information such as meeting minutes, sensitive documents, proposals, documents on proposals, trade information, bidding information, internal communications, dealings with foreign organizations, sensitive correspondence, etc.
The hacker had access to EDF’s mainframe from where he accessed the data from multiple categories. The raw snapshots of the hacked data show that the hacker is foreign-born and he is willing to sell the data for $400 or its equivalent in Bitcoin through his Telegram channel. According to Saleh; “Hacking is a serious thing but EDF does not deal with our sensitive stuff. Nevertheless, Our own fact-finding will be there.”
As per the latest details, the EDF website is fully restored and the email server has also been reactivated. The secretary of commerce mentioned that the emails include normal communication amongst the officers along with relevant stakeholders that does not seem to pose any threat to the operations of the fund. Intelligence analyst, Zaki Khalid, termed EDF website hacking as another regrettable example of how lightly cyber security compliance is treated. “Even though succeeding governments have occasionally provided recommendations, there are still implementation gaps. Evidently lacking is internal monitoring,” he added.