The National Cyber Emergency Response Team (NCERT) has issued an urgent advisory after detecting a sophisticated phishing campaign by an Indian-origin Advanced Persistent Threat (APT) group known as SideWinder—also tracked as Rattlesnake and Hardcore Nationalist (HN2). The group has been actively targeting government and military organizations in South Asia, with the latest attacks aimed squarely at Pakistani ministries.

The phishing operation impersonates trusted entities and lures government employees into clicking malicious links. Fake websites mimicking institutions such as the Ministry of Defence, Ministry of Finance, NEPRA, and even NCERT itself have been deployed to steal credentials and infiltrate sensitive systems. The campaign relies on deceptive emails that appear official, often warning of account suspensions or urgent security updates.

NCERT has urged all public sector organizations to treat the threat as high priority. Recommended measures include blocking identified malicious URLs at email gateways and firewalls, enforcing multi-factor authentication across critical accounts, and deploying Endpoint Detection and Response (EDR) tools to catch suspicious activity. Administrators are also advised to reset credentials for users who may have interacted with the phishing infrastructure.

Failure to act could result in stolen credentials, malware infections, and system compromises, potentially escalating to attacks on critical infrastructure. Authorities stress that vigilance and regular security updates are essential to counter SideWinder’s evolving tactics.
