Find notable cyber news and cases, enriched with sources, timelines, and signals.

China- and India-nexus espionage campaign targeting Pakistani police

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

A China- and India-nexus espionage campaign targeted Pakistani law enforcement over an extended period, putting sensitive police and identity records at risk. The operation focused on Balochistan Police and reached systems used for biometric records, criminal case files, and tenant registrations. One actor also compromised the force’s Complaint Management System (CMS) and used implants to blend into a portal update. The activity points to sustained intelligence collection against a high-value policing target set.

Related Happenings

Balochistan Police hit by network compromise

Incident
H score25 First: 11.07.2026 20:49 Last: 11.07.2026 20:49 Sources 1

How related: The standout finding was the compromise of the force's Complaint Management System (CMS), used by both officers and citizens checking a complaint.

About this happening: **Balochistan Police** suffered a long-running **compromise** of police infrastructure and a public-facing **Complaint Management System (CMS)**, with exposure spanning **June 2,...

China- and India-linked cyberespionage campaign against Pakistani law enforcement

Campaign
H score35 First: 10.07.2026 14:55 Last: 10.07.2026 14:55 Sources 1

About this happening: **Suspected China- and India-aligned threat actors** ran a **Feb 2024–Apr 2026** cyberespionage campaign against **Pakistani law enforcement**, with **Balochistan Police** and oth...

Timeline

  1. 09.07.2026 03:00 2 articles · 4d ago

    SentinelLabs links China- and India-nexus operators to campaigns against Pakistani police

    Initial Disclosure

    SentinelLabs published analysis on July 9, 2026 describing intrusion campaigns by suspected China- and India-nexus actors against several Pakistani law enforcement bodies between February 2024 and April 2026, with activity concentrated on Balochistan Police. The analysis said the observed C2 activity grouped into four clusters, with PlugX, ShadowPad and Cobalt Strike pointing to China-nexus operators and a Remcos cluster tied to TAG-179, overlapping with Bitter, while the compromised environment included the force's Complaint Management System, portal implants, and systems holding biometric, criminal case, and tenant-registration data.

    Show sources