The National Cyber Emergency Response Team (CERT) has directed all federal and government websites in Pakistan to immediately switch to “Read-Only” mode amid rising regional tensions and increased cyber threat activity.

The advisory was issued as a precautionary measure to protect official digital platforms from cyberattacks, website defacement attempts, and disinformation campaigns. According to the National CERT, all government departments have been instructed to take urgent steps to prevent unauthorized access and minimize cybersecurity risks.

Officials said the “Read-Only” mode is intended to reduce vulnerabilities that could be exploited by hackers. The agency warned that attackers may attempt to deface websites by altering webpage content to spread propaganda or fake information.

CERT also highlighted the risk of SQL injection attacks targeting interactive website features such as search bars, contact forms, and login systems, potentially exposing sensitive government or citizen data.

The advisory further warned that hackers could exploit file upload functions to install malicious web shells, enabling long-term unauthorized access to official systems. It also noted the possibility of Denial of Service (DoS) attacks designed to overload government portals and disrupt public services.

According to the agency, attackers may also target weaknesses in content management systems (CMS), including outdated plugins, themes, and poorly secured administrative panels.

The National CERT stated that the threats could originate from both state-sponsored advanced persistent threat (APT) groups and ideologically motivated hacktivists seeking either long-term infiltration or public attention through website disruptions.

Potential targets include federal and provincial government portals, databases, and citizen service platforms.

To strengthen cybersecurity defenses, CERT has recommended several immediate technical measures, including blocking all website modification requests, disabling interactive features, restricting database write permissions, and implementing strict IP-based access controls for backend systems.

The advisory also recommends deploying Content Delivery Networks (CDNs) to manage sudden traffic spikes and file integrity monitoring systems to detect unauthorized changes.

In case of a cyber incident, departments have been advised to maintain offline backups and keep static snapshots of websites ready for rapid restoration.

The National CERT has urged all government entities to implement the “Read-Only” mode immediately and instructed IT teams to continuously monitor activity logs for suspicious behavior.

Government departments have also been directed to report any cybersecurity incidents directly to the National CERT through its official response channels as authorities move to strengthen Pakistan’s digital infrastructure against evolving cyber threats.