Pakistan’s FBR Suffered Cyber Attack – Network Access Sold On Dark Web

The Federal Board of Revenue (FBR), a major law enforcement entity in Pakistan that manages taxation matters and revenue collection, has recently suffered a major cybersecurity incident. Soon after the cyber attack, network access to FBR systems was put up for sale on the dark web. The service confirmed that taxpayers’ data remained safe.

FBR Network Access For Sale On Russian Forum

Recently, Pakistan’s FBR suffered a huge cyber attack affecting the service’s systems and associated applications for hours.

Following the incident, FBR put up a simple statement regarding “data center optimization” on its site. Yet it admitted to an “anomaly” that caused trouble during the process.

Federal Board of Revenue (FBR) has issued a clarification regarding in-progress service optimization activities at the FBR House Data Center Islamabad. FBR has explained that the technical team is currently migrating services…
The stakeholders, who are being provided services from the data center, are informed that there were unforeseen anomalies during the migration process, which has resulted in the unavailability of services since early hours of the last night.

At that point, FBR had not explicitly acknowledged a cyber attack in the statement on its website, but it did clarify matters to the media.

After this chaotic incident, Hackread.com found network access to FBR being sold on a Russian hacking forum. The sellers demanded $26,000 for access to 2-3 systems along with instructions (“steps”) to infect all systems, and raised the price to $30,000 for access to all infected machines.

Source: Hackread.com

FBR Confirmed Cyber Attack

Following the cyber attack, FBR officials admitted the security breach. The incident seemingly happened around August 14, 2021, the country’s Independence Day, which led an official to state to local media,

It is cyber terrorism on our Independence Day.

Regarding the subsequent measures, the officials stated,

Since the virtual environment has been damaged, we are trying to create a new virtual environment that may take up to two days.

It turned out that the attackers managed to intrude into the systems by exploiting Microsoft Hyper-V. Consequently, the incident took FBR’s data center offline for several hours.

According to recent reports, Pakistan’s spy agency had already warned FBR of cyberattacks. However, the alerts were ignored, resulting in the hacking attack on 360 virtual machines and data centers.

Commenting on this matter, FBR Chairman Asim Ahmad said,

No such instructions were given by me. In such circumstances, systems are not shut down but very closely monitored, which was being done.

Nonetheless, the service has given assurances that the incident did not affect taxpayers’ data, and that FBR did not have any links to users’ banking transactions or accounts, as mentioned in tweets from FBR’s official Twitter account.

FBR has clarified that there is no linkage or access to banking transaction at any level with the banks or financial institutions…
Similarly, there is no finger print authentication mechanism available with FBR. The tax profile data of FBR has only offline bank account numbers which are not linked with banks or financial institutions.

For now, it remains unclear whether the hackers still covertly hold access to FBR’s systems or are capable of another cyber attack.

Also, some other reports mention spearphishing attacks as having led to this incident, instead of or together with the Hyper-V exploit.

These things might be clarified in the future following the investigations.
