Threat Intelligence

China and India-linked threat actors target Pakistani law enforcement

Plain code with the word "cyberattack" in red.

As outlined in The Hacker News, SentinelOne cybersecurity researchers have disclosed details of sustained cyber espionage activity targeting several Pakistani law enforcement organizations. This activity, believed to be undertaken by suspected China- and India-aligned threat actors, spanned from February 2024 to April 2026.

The compromised assets included servers hosting web applications that manage critical police and citizen data, such as criminal and biometric records, hotel and tenant registrations, and personnel files. A suspected China-nexus threat actor deployed a custom implant disguised as a portal update on the Complaint Management System (CMS), used by both police staff and citizens. SentinelOne identified compromised infrastructure linked to the Balochistan Police, Khyber Pakhtunkhwa Police, Islamabad Police, and the Punjab Safe Cities Authority. Four distinct threat clusters were observed, utilizing malware families like PlugX, ShadowPad, Cobalt Strike, and Remcos RAT.

The Remcos RAT activity is associated with an India-nexus actor, while PlugX and ShadowPad are traditionally linked to Chinese state-sponsored groups. The convergence of these actors on Pakistani law enforcement highlights the high value of institutions that hold internal security information and threat intelligence to threat actors.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds