Islamabad, March 24, 2026 โ The National Cyber Emergency Response Team (CERT) has issued a high-urgency advisory warning that hostile actors may exploit hardware and software supply chains. The alert highlights serious risks to national critical infrastructure.
According to CERT, attackers are no longer limited to breaching networks. They now target the manufacturing, assembly, and delivery stages of hardware and software used in sensitive installations. These attacks could compromise entire sectors, including power, banking, and healthcare.
The advisory, titled Securing National Critical Infrastructure Against Supply Chain Exploitation, states that failing to secure the final delivery of hardware or software updates could result in systemic failures. CERT emphasized risks such as persistent backdoors, tampered devices, unlawful surveillance, and even potential disruption of defense capabilities.
CERT classified the threat profile as “highly targeted,” noting vulnerabilities in undisclosed vendor ownership, insecure transportation routes, and unverified third-party software dependencies. Indicators for organisations to monitor include tampered seals, unexplained shipment delays, abnormal software updates, and devices communicating with unknown servers.
To mitigate risks, CERT issued critical remediation steps. These include using X-ray and acoustic microscopy to inspect bulk hardware, sandboxing software updates before deployment, and verifying vendor ownership. Entities are also advised to adopt zero-trust verification and segment administrative networks to contain potential breaches.
The advisory outlined a response framework for compromised hardware. Measures include isolating affected batches, preserving evidence, switching to verified backup systems, and performing a full supply chain root cause analysis. Vendors failing security checks must be blacklisted, and anomalies must be reported immediately.
In other news read more about State Bank Holds Policy Rate Steady Amid Inflation and Global Uncertainty
While CERT did not identify any specific incidents, it warned organisations to treat every incoming hardware delivery as a potential threat. The advisory underscores the evolving nature of cyberattacks and the importance of stringent verification to protect national infrastructure.
