Balochistan Police hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The Balochistan Police suffered a compromise of servers, network appliances, and a complaints portal, putting police operations and citizen data at risk. The affected environment included systems handling criminal records and biometric records, along with complaint-tracking workflows. The compromise window spanned June 2, 2024 to April 9, 2026, indicating a long-lived foothold. The attacker also extended access into the Complaint Management System, broadening exposure beyond the initially affected assets.
Related Happenings
China- and India-linked cyberespionage campaign against Pakistani law enforcement
Campaign
H score35
First: 10.07.2026 14:55
Last: 10.07.2026 14:55
Sources 1
How related:
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.
About this happening:
**Suspected China- and India-aligned threat actors** ran a **Feb 2024–Apr 2026** cyberespionage campaign against **Pakistani law enforcement**, with **Balochistan Police** and oth...
China- and India-linked cyberespionage campaign against Pakistani law enforcement
CampaignHow related: Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.
About this happening: **Suspected China- and India-aligned threat actors** ran a **Feb 2024–Apr 2026** cyberespionage campaign against **Pakistani law enforcement**, with **Balochistan Police** and oth...
APT28 FrostArmada DNS hijacking and AitM credential theft campaign
Campaign
H score45
First: 07.04.2026 18:51
Last: 07.04.2026 18:51
Sources 1
About this happening:
A multinational disruption effort has taken down **FrostArmada**, an **APT28** campaign that hijacked router DNS settings to steal **Microsoft account credentials** and OAuth toke...
APT28 FrostArmada DNS hijacking and AitM credential theft campaign
CampaignAbout this happening: A multinational disruption effort has taken down **FrostArmada**, an **APT28** campaign that hijacked router DNS settings to steal **Microsoft account credentials** and OAuth toke...
Timeline
-
11.07.2026 20:49 2 articles · 3h ago
Balochistan Police web servers and FortiMail gateway are compromised
Campaign Scope UpdateCompromised Balochistan Police assets included two network appliances, web servers hosting Smart Police Station applications, and a Fortinet FortiMail appliance that served as the agency's primary inbound email gateway, affecting systems that manage criminal, biometric, and personnel records.
Show sources
- Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns — thehackernews.com — 11.07.2026 20:49
- Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns — thehackernews.com — 11.07.2026 20:49
-
11.07.2026 20:49 1 articles · 3h ago
Complaint Management System is turned into a malware delivery mechanism
Technical Analysis UpdateThe Complaint Management System (cms.balochistanpolice.gov[.]pk), used by police staff and citizens to register, track, and resolve complaints, hosted two cms_plugin.exe implants: a Rust stager that fetched a payload from 193.42.25[.]65 and a .NET loader masquerading as 360Safe.exe that reflectively loaded an AsyncRAT client.
Show sources
- Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns — thehackernews.com — 11.07.2026 20:49