Govt Warns of Cyber Attacks Using Fake Emails, WhatsApp Messages

Tue Oct 31 2023

ISLAMABAD: A cyber incident involving the transmission of counterfeit WhatsApp messages and emails containing malicious attachments, purportedly from the Prime Minister’s Office (PMO) and the Special Investment Facilitation Council (SIFC) cell within the Prime Minister Secretariat to various ministries, has come to our attention.

According to official documents from the National Telecommunication and Information Security Board (NTISB) under the Cabinet Division, it has been revealed that these deceptive emails were sent to ministries and divisions, appearing to originate from the email address of a Joint Secretary (Coordination).

The fraudulent emails included attachments named “Notice 3rd meeting EC SFIC.rar” and “Apex_agenda.rar” within the context of fake appointments.

Investigations regarding this incident are currently underway at NTISB/N-CERT. Based on preliminary findings, we would like to share the following crucial information with all ministries for their immediate attention:

Different phone numbers have been utilized by individuals falsely claiming to represent the SIFC Cell at the PM Secretariat to initiate communication via WhatsApp or email. Recipients are then urged to download files onto their computers. Please exercise caution and consider blocking WhatsApp messages or emails originating from these numbers.

Any email that makes reference to the SIFC Apex Committee or other committee meetings and includes a password-protected .rar file as an attachment should be opened with vigilance, and approval or vetting from the sender or the relevant department is advisable.

Any .rar file, even if it lacks a password, containing a .chm file and a .exe file or application should not be opened without prior approval from NITB staff.

It is essential to have antivirus software installed on all systems used for email access. Alternatively, consider using Apple Mac systems or installing a user-friendly PC version with suitable security measures.

For those ministries that opened an email on August 3, 2023, from the address JS COORD [email protected], it is recommended to block the IP address 151.236.30.248 in your firewall for outbound communications.
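The attachment guidance above can be applied as a mail-triage check that holds any message carrying a .rar file for vetting and notes when the archive lists both a .chm and a .exe member. This is an added example, not part of the advisory or of any NTISB tooling; the function names, keyword list, byte-scan heuristic and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"            # shared prefix of the RAR4 and RAR5 signatures
KEYWORDS = ("sifc", "apex committee")  # assumed keyword list, taken from the advisory text
RISKY_EXT = (b".chm", b".exe")         # member types the advisory names


def triage(raw: bytes) -> list[str]:
    """Return reasons to hold a raw RFC 5322 message for vetting (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['subject'] or ''} {body.get_content() if body else ''}".lower()
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the content signature as well as the file extension.
        if not (data.startswith(RAR_MAGIC) or name.lower().endswith(".rar")):
            continue
        reasons.append(f"rar attachment: {name}")
        # Heuristic: member names are stored unencrypted in RAR file headers
        # unless the archive uses header encryption, so a byte scan finds them.
        if all(ext in data.lower() for ext in RISKY_EXT):
            reasons.append(f"{name}: contains both .chm and .exe names")
    if reasons and any(k in text for k in KEYWORDS):
        reasons.append("text references SIFC / Apex Committee")
    return reasons


def sample_message() -> bytes:
    """Constructed test message; the attachment is filler bytes, not a real archive."""
    m = EmailMessage()
    m["Subject"] = "Notice: SIFC Apex Committee meeting"
    m["From"] = "sender@example.org"
    m["To"] = "recipient@example.org"
    m.set_content("Please see the attached agenda.")
    fake_rar = RAR_MAGIC + b"\x01\x00" + b"agenda.chm\x00viewer.exe\x00"
    m.add_attachment(fake_rar, maintype="application", subtype="octet-stream",
                     filename="agenda.rar")
    return m.as_bytes()


if __name__ == "__main__":
    for reason in triage(sample_message()):
        print(reason)
```

A header-encrypted archive hides its member names, so for such files only the first reason is reported and the message is still held for vetting.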
