As outlined in The Hacker News, SentinelOne cybersecurity researchers have disclosed details of sustained cyber espionage activity targeting several Pakistani law enforcement organizations. This activity, believed to be undertaken by suspected China- and India-aligned threat actors, spanned from February 2024 to April 2026.The compromised assets included servers hosting web applications that manage critical police and citizen data, such as criminal and biometric records, hotel and tenant registrations, and personnel files. A suspected China-nexus threat actor deployed a custom implant disguised as a portal update on the Complaint Management System (CMS), used by both police staff and citizens. SentinelOne identified compromised infrastructure linked to the Balochistan Police, Khyber Pakhtunkhwa Police, Islamabad Police, and the Punjab Safe Cities Authority. Four distinct threat clusters were observed, utilizing malware families like PlugX, ShadowPad, Cobalt Strike, and Remcos RAT.The Remcos RAT activity is associated with an India-nexus actor, while PlugX and ShadowPad are traditionally linked to Chinese state-sponsored groups. The convergence of these actors on Pakistani law enforcement highlights the high value of institutions that hold internal security information and threat intelligence to threat actors.Source: The Hacker News
Threat Intelligence
China and India-linked threat actors target Pakistani law enforcement

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



