ISLAMABAD: The Pakistani government has issued a cybersecurity advisory cautioning all information technology (IT) and financial institutions, including regulatory bodies, to avoid collaborating with, installing, or using artificial intelligence (AI) and information and communication technology (ICT) products of Indian origin.
The government cybersecurity advisory cites a potential “constant, concealed, and force multiplier threat” to Pakistan’s critical information infrastructure (CII) posed by these products.
The advisory, shared with federal and provincial ministries and sectoral regulators, highlighted that AI products and services are increasingly used globally across various industries, including finance and banking. It expressed concern that the fintech sector in Pakistan, as well as some banks, were engaging with Indian-origin companies offering IT products, cybersecurity solutions, and AI solutions.
The government’s concerns are twofold. First, it raises the possibility of backdoors or malware embedded in Indian-origin products to collect logs, data traffic analysis, and personally identifiable information (PII). Second, it warns of direct Indian access to Pakistan’s CII through technical means and access control, with passive monitoring capabilities.
To mitigate these risks, the government advises federal and provincial ministries and regulators to sensitize their affiliated organizations and licensees about the dangers associated with Indian-origin products and solutions. Instead, it encourages them to seek suitable and economical alternatives from Pakistani technical companies, with consultation provided by the Pakistan Software House Association (P@SHA).
India’s Past Cyberattacks on Pakistan
This advisory comes amid previous allegations that India had used cybersecurity vulnerabilities to spy on Pakistan and China. A US company, Exodus Intelligence, had claimed that India exploited “zero-day” vulnerabilities to gain deep access to Microsoft’s operating system. This incident led to India being cut off from purchasing new zero-day research from the company.
In 2020, Pakistan’s intelligence agencies also identified a major security breach targeting the devices of government officials and military personnel by Indian hackers. The breach included cybercrimes such as hacking personal mobiles and technical gadgets. The military’s media wing, Inter-Services Public Relations (ISPR), issued a statement at that time, stating that necessary measures were taken to enhance cybersecurity and investigate targets of hostile intelligence agencies.
