BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

China, India groups target Pakistani police in cyber espionage

  • Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber espionage campaign between February 2024 and April 2026.
  • The operation compromised servers managing biometric records, criminal case files, and citizen data across agencies including Balochistan Police, Khyber Pakhtunkhwa Police, and Islamabad Police.
  • Four malware families — PlugX, ShadowPad, Cobalt Strike, and Remcos RAT — were deployed, with Remcos linked to an Indian-aligned group and the others to Chinese state hackers.
  • A Complaint Management System was weaponized to deliver custom implants to both police personnel and citizens, turning a public accountability tool into a malware distribution channel.

Cybersecurity researchers at SentinelOne SentinelLABS have uncovered a sustained cyber espionage campaign targeting multiple Pakistani law enforcement organizations by suspected China- and India-aligned threat actors between February 2024 and April 2026. The operation compromised network appliances and servers hosting web applications that manage biometric records, hotel and tenant registrations, criminal case files, and personnel records, according to principal threat researcher Aleksandar Milenkoski.

- Advertisement -

At Balochistan Police, compromised assets included two network appliances, web servers tied to the Smart Police Station digitalization initiative, and a Fortinet FortiMail appliance serving as the agency’s primary inbound email gateway. SentinelOne also detected compromised infrastructure at the Khyber Pakhtunkhwa Police, Islamabad Police, and Punjab Safe Cities Authority.

Four distinct threat clusters deployed unique malware families: PlugX, ShadowPad, Cobalt Strike, and Remcos RAT. The use of Remcos RAT has been linked to an India-nexus threat actor, while PlugX, ShadowPad, and Cobalt Strike are traditionally associated with Chinese nation-state hacking groups, as noted in prior reporting. The China-nexus actor compromised a Complaint Management System (CMS) to deploy a custom implant masquerading as a portal update.

Two variants of an implant called “cms_plugin.exe” were uploaded: a Rust stager downloading additional payloads from a remote server and a .NET executable masquerading as “360Safe.exe” to deliver an AsyncRAT client. The Remcos-related intrusion set shares infrastructure overlaps with a hacking group known as Mysterious Elephant, which has commonalities with India-nexus adversaries such as SideWinder and Confucius.

Attack chains employed lures related to Pakistani law enforcement, displaying decoy documents about repatriation of illegal foreigners including Afghan Citizen Card holders. The Cobalt Strike activity extends beyond Pakistan to government, academic, and telecommunications entities across Asia, the Middle East, and South America, including Tibetan Buddhist organizations in Taiwan. “When multiple cyberespionage actors operate against law enforcement institutions of a single state, the convergence itself is a signal of target value,” Milenkoski explained. “The compromise of the Complaint Management System extends the threat actor’s reach beyond the initially compromised environment, turning a tool built for accountability into a malware delivery mechanism.”

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

IMF: Dollar stablecoins may amplify currency runs in fixed-rate economies

An IMF working paper by economist Brandon Joel Tan models how dollar stablecoins improve...

Japan Plans to Legalize Cryptocurrency ETFs, Minister Says

Japanese Finance Minister Satsuki Katayama announced plans to legalize cryptocurrency ETFs.ETFs let investors gain...

Must Read

7 Best Cryptocurrency Lending Platforms in 2025 (Ranked & Reviewed)

QUICK LINKSOur MethodologyHow to Choose the Best Crypto Lending Platform: Key Factors to ConsiderIn-Depth Reviews of the 7 Best Crypto Lending Platforms1. Nexo -...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading