Pakistan Shifts Government Websites to Read-Only Mode Over Hacking Fears

Pakistan’s National Cyber Emergency Response Team (NCERT) has issued a nationwide cybersecurity advisory directing government departments and federal institutions to shift official websites into “Read-Only” mode amid fears of possible cyberattacks and digital sabotage attempts.

The advisory comes in response to what officials described as heightened regional tensions and increased hacktivist activity targeting government digital infrastructure and public-facing online platforms.

According to the advisory, the temporary “Read-Only” posture is intended to protect official websites from unauthorized modifications, misinformation campaigns, and attempts to spread hostile propaganda through compromised government portals.

NCERT warned that unrestricted web functionality during sensitive periods could expose government systems to several high-risk threats, including homepage defacement, database injection attacks, malicious file uploads, and denial of service (DoS) attacks.

The advisory specifically highlighted risks linked to interactive website features such as login portals, search bars, contact forms, and content management systems, which attackers may attempt to exploit to gain unauthorized access or manipulate online information.

Officials also warned that hackers could use upload functions to deploy malicious web shells capable of maintaining persistent access to government servers. In addition, attackers may abuse complex backend queries to trigger localized DoS attacks aimed at disrupting online public services.

According to NCERT, the threat landscape includes both state-sponsored Advanced Persistent Threat (APT) groups and ideologically motivated hacktivist organizations seeking either long-term infiltration or public-facing website defacement.

The advisory warned that successful cyberattacks on official platforms could damage public trust by spreading fake information or adversarial narratives through compromised government websites.

As part of the emergency measures, NCERT instructed departments to immediately:

• Restrict website modification requests
• Disable forms and administrative login systems
• Strengthen database permissions and access controls
• Monitor web logs for suspicious activity
• Deploy File Integrity Monitoring (FIM) systems
• Route traffic through Content Delivery Networks (CDNs) to mitigate cyberattacks and traffic spikes

Government institutions were also directed to maintain recent air-gapped backups and create static website snapshots for rapid restoration in case systems are compromised.

The advisory further urged IT teams across government departments to proactively monitor platforms for unauthorized modifications and ensure that all interactive entry points are sealed immediately.

While officials have not publicly confirmed any successful breach linked to the warning, cybersecurity experts say the advisory reflects growing concern over the security of Pakistan’s digital infrastructure amid rising global cyber warfare and disinformation threats.

Also read:

NCERT Warns of Rising Supply Chain Cyber Threats to Pakistan’s Critical Infrastructure