Multiple Pakistani agencies targeted in hacking campaigns linked to China and India

SentinelOne researchers reported July 9 that multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns linked to groups associated with China and India.

Objective Facts

Multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns linked to groups associated with China and India, according to cybersecurity firm SentinelOne researchers. The campaigns occurred between February 2024 and April 2026, with the Balochistan police as the most notable target. The affected organizations included Balochistan Police, Khyber Pakhtunkhwa Police, Islamabad Police, and the Punjab Safe Cities Authority. Researchers identified four malware families: PlugX and ShadowPad attributed to China-linked actors, Remcos to India-linked TAG-179, and Cobalt Strike to China-linked actors with medium confidence. Attackers focused on systems containing police, criminal, biometric, and citizen records. Regional media in Pakistan, India, and international outlets frame this primarily as a geopolitical intelligence-gathering operation reflecting broader South Asian tensions and Beijing's security concerns over CPEC.

Deep Dive

The campaigns offer a glimpse into foreign efforts to gather information on Pakistan's security challenges including militant violence, tensions with Afghanistan and the country's economic collaboration with China. The campaigns reveal how foreign actors seek information about Pakistan's security landscape shaped by militant violence, friction with Afghanistan, and Islamabad's economic ties with Beijing. Law enforcement agencies frequently lag behind military and diplomatic institutions in cybersecurity investment, even though they hold comparably sensitive material. Researchers have flagged gaps in how these institutions secure their networks, particularly at the provincial level, where resources for dedicated cybersecurity staff often fall short of what national agencies can deploy. For China, the likely primary concern is the safety of its nationals, the target of repeated deadly attacks Pakistan has failed to prevent, leading Beijing to assess that threat for itself rather than rely on its partner alone. For India, the strongest motive is probably the adversarial security relationship between India and Pakistan. Pakistan has long accused India of backing the Baloch insurgency, describing groups as an "Indian proxy," though India denies this. India accuses Pakistan of backing militant groups behind attacks in Kashmir, which Pakistan denies. The Baloch insurgency is a front in the antagonism between the two states, and Balochistan Police would hold the operational record of how Pakistan manages the province's security. Despite documenting extensive network access, SentinelLABS said several aspects remain unresolved: researchers could not retrieve the malware's second-stage payload, determine whether devices were successfully infected, or confirm information extraction. The overlapping campaigns illustrate how geopolitical rivalries increasingly play out through digital channels rather than solely through traditional intelligence gathering. As tensions between Pakistan and India persist alongside deepening economic cooperation between Pakistan and China, analysts expect law enforcement and security institutions in the region to remain attractive targets for state-linked hacking operations in the months ahead. The targeted agencies play a role in monitoring internal and external threats, and in coordinating the response of law enforcement and government authorities. A key question going forward is whether Pakistan will upgrade cybersecurity defenses at provincial law enforcement agencies and whether such upgrades could reduce the intelligence value these systems offer to foreign actors.

Regional Perspective

Pakistani outlets like Minute Mirror and Express Tribune reported on the SentinelOne findings describing distinct intrusion campaigns between February 2024 and April 2026 that struck Balochistan Police, Khyber Pakhtunkhwa Police, Islamabad Police, and the Punjab Safe Cities Authority. Pakistani media outlets note that South Asian and East Asian intelligence-linked actors increasingly view police and internal security databases as high value targets, providing outside observers a window into how foreign actors seek information about Pakistan's security landscape. Coverage in outlets like Pragativadi emphasizes the growing strategic importance of Pakistan's security infrastructure in regional cyber espionage, with Balochistan's strategic importance explaining why multiple cyberespionage groups focused on the province. For China, the region is central to CPEC, where the security of Chinese nationals and infrastructure projects remains a key concern. Pakistani news outlets highlight that Pakistan has faced repeated scrutiny over the resilience of its digital infrastructure as government ministries and police departments increasingly rely on networked systems, with cybersecurity researchers flagging gaps particularly at the provincial level where resources for dedicated cybersecurity staff often fall short. Both Pakistan and India are alleged to have conducted cyber espionage campaigns against each other, with attacks targeting Indian government, academic and strategic institutions, as well as Pakistani government agencies and critical infrastructure operators. The regional angle emphasizes mutual suspicion and dual vulnerabilities rather than focusing on victimhood; Pakistani outlets acknowledge both that their systems are weak and that intelligence agencies from neighboring powers view these gaps as opportunities.

OBJ SPEAKING

Create StoryTimelinesVoter ToolsRegional AnalysisPolicy GuideAll StoriesCommunity PicksUSWorldPoliticsBusinessHealthEntertainmentTechnologyAbout

Multiple Pakistani agencies targeted in hacking campaigns linked to China and India

SentinelOne researchers reported July 9 that multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns linked to groups associated with China and India.

Jul 9, 2026· Updated Jul 10, 2026
What's Going On
  • SentinelOne found evidence of hacking campaigns between February 2024 and April 2026, most notably against the Balochistan police.
  • Affected organizations included Balochistan Police, Khyber Pakhtunkhwa Police, Islamabad Police, and the Punjab Safe Cities Authority (PSCA).
  • SentinelOne attributed PlugX and ShadowPad campaigns to suspected China-linked threat actors, while Remcos activity is associated with suspected India-linked group TAG-179.
  • SentinelLABS believes Chinese-linked activity was motivated by concerns over safety of Chinese nationals in Pakistan, with repeated attacks leading Beijing to seek independent insight into Pakistan's internal security.
  • Both China and India routinely deny involvement in state sponsored hacking when allegations surface. Regional outlets across Pakistan, India emphasized the geopolitical dimension of these attacks on law enforcement systems.
Region says: Pakistani outlets emphasize how geopolitical rivalries increasingly play out through digital channels, noting that as tensions between Pakistan and India persist alongside deepening economic cooperation between Pakistan and China, law enforcement and security institutions are expected to remain attractive targets for state-linked hacking. The story reveals asymmetric motivations: China's concern over protecting nationals working on CPEC projects versus India's strategic interest in Balochistan's separatist dynamics.
Objective Deep Dive

The campaigns offer a glimpse into foreign efforts to gather information on Pakistan's security challenges including militant violence, tensions with Afghanistan and the country's economic collaboration with China. The campaigns reveal how foreign actors seek information about Pakistan's security landscape shaped by militant violence, friction with Afghanistan, and Islamabad's economic ties with Beijing. Law enforcement agencies frequently lag behind military and diplomatic institutions in cybersecurity investment, even though they hold comparably sensitive material. Researchers have flagged gaps in how these institutions secure their networks, particularly at the provincial level, where resources for dedicated cybersecurity staff often fall short of what national agencies can deploy.

For China, the likely primary concern is the safety of its nationals, the target of repeated deadly attacks Pakistan has failed to prevent, leading Beijing to assess that threat for itself rather than rely on its partner alone. For India, the strongest motive is probably the adversarial security relationship between India and Pakistan. Pakistan has long accused India of backing the Baloch insurgency, describing groups as an "Indian proxy," though India denies this. India accuses Pakistan of backing militant groups behind attacks in Kashmir, which Pakistan denies. The Baloch insurgency is a front in the antagonism between the two states, and Balochistan Police would hold the operational record of how Pakistan manages the province's security. Despite documenting extensive network access, SentinelLABS said several aspects remain unresolved: researchers could not retrieve the malware's second-stage payload, determine whether devices were successfully infected, or confirm information extraction.

The overlapping campaigns illustrate how geopolitical rivalries increasingly play out through digital channels rather than solely through traditional intelligence gathering. As tensions between Pakistan and India persist alongside deepening economic cooperation between Pakistan and China, analysts expect law enforcement and security institutions in the region to remain attractive targets for state-linked hacking operations in the months ahead. The targeted agencies play a role in monitoring internal and external threats, and in coordinating the response of law enforcement and government authorities. A key question going forward is whether Pakistan will upgrade cybersecurity defenses at provincial law enforcement agencies and whether such upgrades could reduce the intelligence value these systems offer to foreign actors.