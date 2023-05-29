Federal government asks ministries/divisions and provinces to allow internet access to specific users on need basis, restrict data usage/ applications rights.

ISLAMABAD - The Russian APT group Kill Net has been targeting Pakistan's government setups with numerous attack vectors including DDoS, as the federal government has asked ministries/divisions and provinces to allow internet access to specific users on a need basis and to restrict data usage and application rights.

The advisory said that Kill Net is a Russian APT group that has been targeting Pakistan's government setups with numerous attack vectors including DDoS attacks. The advisory profiles Kill Net as a Russian APT group operating from the Kremlin, Russia, and active since January 2022. Kill Net is known for DDoS campaigns against the USA and other Ukraine allies (NATO countries) in the backdrop of the Russia-Ukraine war, and it has often targeted Pakistan's military and civil setups. Kill Net uses DDoS and brute-force dictionary attacks as its main weapons to cause mass service disruption of vulnerable public-facing critical information infrastructure (CII). In most cases, Kill Net DDoS attacks have caused only short downtime for victims; however, they cause embarrassment for the nations targeted.

An APT group may frequently change its tactics, techniques and procedures. However, the recent DDoS attacks warrant adopting proactive preventive measures against DDoS and other cyber-attacks, and the advisory has directed government departments on the preventive measures in this regard.

Administrative-level anti-DDoS measures include: monitoring networks, including file hashes, file locations, logins and unsuccessful login attempts; using reputed firewalls; and using separate servers/routing for offline LANs and online networks. Departments are to restrict incoming traffic and user permissions to the maximum extent by implementing system hardening at the OS, BIOS and application levels; allow internet access to specific users on a need basis and restrict data usage and application rights; verify software and documents by their digital code signatures before downloading; implement MFA on mailing systems, administrator controls and other critical systems; and always maintain periodic backups of critical data. Similarly, they are to regularly change administrator-level passwords, regularly patch and update all operating systems, applications and other technical equipment, and ensure an anti-DDoS service is provided with website domain hosting from the ISP. Firewalls are to be enabled, including Next Generation Firewall (NGFW), Web Application Firewall (WAF) and network-based firewalls.
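The advisory asks departments to monitor logins and unsuccessful login attempts, and names brute-force dictionary attacks as one of Kill Net's main weapons. The following is an added example, not part of the advisory or of this article, showing what that monitoring looks like in practice: a sliding-window detector over OpenSSH-style auth log lines that flags a source IP once it exceeds a threshold of failed logins inside a time window, and reports how many distinct usernames it tried (many usernames from one source is the signature of a dictionary attack, while one username failing repeatedly is more often a locked-out user). The log lines, IPs, thresholds and window sizes are constructed for the example; the log format is assumed to be the standard sshd "Failed password for ... from ... port ..." syslog line.

```python
"""Sliding-window failed-login detector over constructed auth-log lines.

Added example: flags source IPs that exceed `threshold` failed logins
within `window_seconds`, the kind of login monitoring the advisory asks
for against brute-force dictionary attacks. All log lines, addresses and
thresholds below are constructed, not taken from any real incident.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log style (syslog omits the year).
# 203.0.113.7 sprays six usernames in four seconds (dictionary attack);
# 198.51.100.4 is a user who mistypes once, then logs in;
# 192.0.2.9 fails once a minute for six minutes (a slow, low-rate attempt).
SAMPLE_AUTH_LOG = """\
May 29 10:00:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
May 29 10:00:02 gw sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 50213 ssh2
May 29 10:00:02 gw sshd[2103]: Failed password for root from 203.0.113.7 port 50214 ssh2
May 29 10:00:03 gw sshd[2104]: Failed password for invalid user oracle from 203.0.113.7 port 50215 ssh2
May 29 10:00:03 gw sshd[2105]: Failed password for invalid user guest from 203.0.113.7 port 50216 ssh2
May 29 10:00:04 gw sshd[2106]: Failed password for invalid user user from 203.0.113.7 port 50217 ssh2
May 29 10:00:10 gw sshd[2107]: Failed password for alice from 198.51.100.4 port 41000 ssh2
May 29 10:00:15 gw sshd[2108]: Accepted password for alice from 198.51.100.4 port 41000 ssh2
May 29 10:05:00 gw sshd[2109]: Failed password for bob from 192.0.2.9 port 33001 ssh2
May 29 10:06:00 gw sshd[2110]: Failed password for bob from 192.0.2.9 port 33002 ssh2
May 29 10:07:00 gw sshd[2111]: Failed password for bob from 192.0.2.9 port 33003 ssh2
May 29 10:08:00 gw sshd[2112]: Failed password for bob from 192.0.2.9 port 33004 ssh2
May 29 10:09:00 gw sshd[2113]: Failed password for bob from 192.0.2.9 port 33005 ssh2
May 29 10:10:00 gw sshd[2114]: Failed password for bob from 192.0.2.9 port 33006 ssh2
"""

# Assumed standard sshd password-auth line; "invalid user" appears when the
# account does not exist, which is typical of dictionary attacks.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2023):
    """Return (timestamp, outcome, user, ip) or None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Map each alerting source IP to (failures in window at first alert,
    distinct usernames attempted by that IP so far)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    users = defaultdict(set)      # ip -> usernames it has tried
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        if outcome != "Failed":
            continue
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        # Drop failures that have aged out of the window (log is time-ordered).
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = (len(q), len(users[ip]))
    return alerts


if __name__ == "__main__":
    for ip, (fails, distinct) in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"ALERT {ip}: {fails} failed logins in window, {distinct} usernames tried")
```

With the default 60-second window only the fast spray from 203.0.113.7 is flagged; the one-per-minute attempts from 192.0.2.9 stay under the threshold, which is the caveat to keep in mind when tuning: a low-and-slow attacker evades a short window, so a second, longer window (for example 600 seconds with the same threshold) is worth running alongside it, and the distinct-username count helps separate a dictionary attack from a single user's lockout.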