Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Espionage Campaigns Target Pakistani Police Portals

Espionage Campaigns Target Pakistani Police Portals

Posted on July 11, 2026 By CWS

Cybersecurity experts have revealed a prolonged cyber espionage campaign targeting several Pakistani law enforcement bodies. This activity, attributed to suspected China and India-aligned threat actors, spanned from February 2024 to April 2026 and compromised critical police infrastructure.

Compromise of Police Infrastructure

The attacks primarily focused on network appliances and servers that manage sensitive data, including biometric records and police personnel files. Aleksandar Milenkoski of SentinelOne highlighted that the Balochistan Police’s web applications, which handle crucial data like criminal records, were among those compromised. The Complaint Management System (CMS), a key application used by police and citizens alike, was manipulated to deploy a malicious implant disguised as a routine update.

In addition to Balochistan, other Pakistani law enforcement agencies such as the Khyber Pakhtunkhwa Police and the Islamabad Police were also affected. Each of these organizations had their infrastructures breached, hinting at a coordinated effort to infiltrate Pakistan’s police networks.

Identifying the Threat Actors

Four distinct threat clusters were identified, employing various malware families like PlugX, ShadowPad, Cobalt Strike, and Remcos RAT. The latter has been associated with India-nexus threat actors, while PlugX and ShadowPad’s deployment points towards Chinese state-affiliated groups. Their attack patterns, observed between February and December 2024, suggest a broader campaign targeting not just law enforcement but also governmental and non-governmental entities across Asia and beyond.

The Remcos RAT attacks share similarities with the Mysterious Elephant group, known for its links to Indian adversaries. This group’s tactics include using decoy documents related to Pakistani law enforcement operations to lure targets into their trap.

Broader Implications and Future Outlook

The Cobalt Strike activities indicate a wide-reaching espionage effort by China-nexus actors, extending their reach to various sectors such as academia and telecommunications across multiple continents. The involvement of Tibetan Buddhist organizations in Taiwan underscores the geopolitical motivations behind these cyber intrusions.

An in-depth analysis of the Balochistan Police breach revealed the compromise of multiple assets, including two network appliances and several web servers hosting police applications. These breaches were part of the agency’s digitalization initiative, aimed at improving policing efficiency but inadvertently providing a channel for cyber threats.

This series of attacks highlights the strategic importance of law enforcement data for foreign intelligence operations. According to Milenkoski, such convergence of multiple espionage actors signifies the high value placed on internal security information held by the police. The compromise of citizen-facing applications, like the CMS, underscores the dual impact of these attacks—threatening both public security and law enforcement integrity.

As geopolitical tensions continue to influence cyber espionage activities, Pakistan’s law enforcement agencies must strengthen their cyber defenses to protect sensitive information from becoming a pawn in international cyber conflicts.

The Hacker News Tags:Balochistan Police, Chinese hackers, cyber attacks, cyber espionage, Cybercrime, Cybersecurity, Espionage, Indian hackers, law enforcement, Malware, network security, Pakistan, police data, SentinelOne, Threat Actors

Post navigation

Previous Post: Compromised jscrambler npm Package Drops Infostealer

Related Posts

How Continuous Exposure Management Transforms Security Operations How Continuous Exposure Management Transforms Security Operations The Hacker News
Policy, Isolation, and Data Controls That Actually Work Policy, Isolation, and Data Controls That Actually Work The Hacker News
CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More The Hacker News
MS Teams Hack, MFA Hijacking, B Crypto Heist, Apple Siri Probe & More MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More The Hacker News
Windows Shell Vulnerability Exploited, Microsoft Confirms Windows Shell Vulnerability Exploited, Microsoft Confirms The Hacker News
64% of 3rd-Party Applications Access Sensitive Data Without Justification 64% of 3rd-Party Applications Access Sensitive Data Without Justification The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer
  • Ghostcommit Exploit Hides Malicious Code in Images
  • Ghost Accounts Exploit GitHub API in Major Reconnaissance Effort
  • MacOS Screen Sharing Issue in Microsoft Teams

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer
  • Ghostcommit Exploit Hides Malicious Code in Images
  • Ghost Accounts Exploit GitHub API in Major Reconnaissance Effort
  • MacOS Screen Sharing Issue in Microsoft Teams

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark