Pakistan experienced more than 5.3 million on-device cyberattacks during the first three quarters of 2025, according to new data shared by global cybersecurity firm Kaspersky.

Presenting the country's evolving cyberthreat landscape at a media briefing following the CTI Summit 2025 in Islamabad, the company highlighted rising exploits, ransomware incidents, and advanced targeted attacks affecting both individuals and organizations.

Kaspersky experts warned that the increasing sophistication of cybercriminal tactics demands heightened vigilance and stronger security practices across all sectors.

According to Kaspersky's statistics, 27% of Pakistani users and 24% of corporate entities encountered malware through infected USB drives, CDs, DVDs, and hidden installers between January and September 2025.

The threats included ransomware, worms, backdoors, trojans, password stealers, and spyware. During the same period, over 2.5 million web-based attacks were blocked, with 16% of users and 13% of organizations exposed to phishing schemes, exploits, botnets, Remote Desktop Protocol intrusions, and spoofed Wi-Fi networks.

A breakdown of malware activity showed that more than 354,000 exploitation attempts were successfully stopped, along with 166,000 detections of banking malware. Kaspersky systems also prevented 126,000 spyware attacks, blocked 113,000 backdoors, and stopped 107,000 password-stealing programs. Meanwhile, 42,000 ransomware incidents were recorded, attacks that typically target high-value victims rather than relying on mass distribution.

The company noted that Pakistan continues to face significant risks from outdated systems and software vulnerabilities. Key exploited flaws included newly discovered issues in 7-Zip as well as older weaknesses in Microsoft Office, HTML, WinRAR, VLC Player, and Notepad++. Kaspersky emphasized the critical role of timely software updates, strong authentication, restricted remote access, and deployment of EDR and XDR solutions to reduce the attack surface.

Kaspersky also revealed that Pakistan remains a focus of seven Advanced Persistent Threat (APT) groups, which frequently target telecom operators, financial institutions, critical infrastructure, government bodies, and emerging commercial sectors.

One active campaign monitored in 2025 involved the APT group known as Mysterious Elephant, which aims to steal sensitive data, including documents, images, archived files, and even WhatsApp information. The group uses exploit kits, spear-phishing, malicious documents, and post-intrusion techniques to escalate privileges and exfiltrate data.

Kaspersky urged both individuals and organizations to adopt stronger cybersecurity measures. The company advised users to follow basic cyber hygiene, keep systems updated, secure devices with trusted solutions, and back up important data. For organizations, comprehensive IT infrastructure assessments, deployment of modern endpoint and extended detection tools, access to threat intelligence, and continuous employee training were recommended to counter Pakistan's rapidly evolving cyberthreat landscape.