Export Development Fund (EDF) of Pakistan – an autonomous body under the Ministry of Commerce – was hacked and considered the second biggest security breach in one year to be faced by Pakistani institution.
According to details, the data dump of more than 4GB in size allegedly comprises hexed passwords, email records, email history, files, and other sensitive material. The hack shows that the actor easily gained access to the EDF’s mainframe and extracted official records across numerous categories.
Raw snapshots of the hacked data confirm that the hacker is believed to be of foreign origin and is open to selling the data through his Telegram channel at a price tag of $400 or equivalent to Bitcoin.
Commerce Secretary Saleh Farooqi admitted that there was a brute-force attack on the EDF website and it was hacked. He said that the server was placed at COMSATS and managed by AHamson/COMSATS which has been restored and is now working properly.
The secretary mentioned that the email server has also been reactivated and is now secured. He added that usually, the emails include normal communication amongst the officers along with relevant stakeholders and contain information on projects as well. These are internal communications and do not seem to pose any threat to the operations of the Fund, he added.