China and India-Linked Hackers Target Pakistani Police Force in Cyber Attacks

www.news4hackers.com-china-and-india-linked-hackers-target-pakistani-police-force-in-cyber-attacks-china-and-india-linked-hackers-target-pakistani-police-force-in-cyber-attacks

New research from SentinelOne reveals that state-sponsored hacking groups associated with China and India conducted prolonged cyber operations targeting Pakistani law enforcement agencies between February 2024 and April 2026.

Research Findings

The campaigns primarily focused on networks within the Balochistan Police, with attackers compromising systems linked to biometric databases, criminal case management, personnel records, and public-facing complaint portals.

Targeted Networks

The intrusion activities were categorized into four distinct clusters based on malware families and infrastructure: PlugX, ShadowPad, Cobalt Strike, and Remcos.

Malware Clusters

Researchers noted that clusters utilizing common or widely available tools, such as Cobalt Strike, could involve multiple threat actors, while the Remcos-based operations were attributed to a single, tracked group.

Strategic Motivations

The Chinese-linked activities align with broader strategic interests, as Beijing has expressed concerns over the safety of its citizens involved in Belt and Road Initiative projects in Pakistan. These projects have faced repeated cyberattacks attributed to Baloch separatist groups, prompting Chinese authorities to scrutinize Islamabad’s security measures.

India’s Involvement

India-linked operations coincide with longstanding tensions between Islamabad and New Delhi over alleged support for Baloch separatists. Indian intelligence is likely seeking insights into how Pakistani authorities manage the insurgency, which has been a point of contention between the two nations.

Attack Methods

A critical component of the campaigns involved deploying malicious files disguised as software updates on the Balochistan Police’s public Complaint Management System. This portal, used by both law enforcement and civilians, was exploited to deliver payloads, expanding the attack surface.

Attribution Challenges

Analysis of malware samples revealed code patterns and artifacts linking the intrusion to a Chinese-speaking developer. The research team emphasized the complexity of attributing such operations, given the overlapping tactics and shared infrastructure across multiple threat groups.

The findings highlight the increasing sophistication of cross-border cyber operations, where state-sponsored actors leverage advanced persistent threats to gather intelligence on regional adversaries.

Conclusion

The prolonged nature of the campaigns underscores the challenges of detecting and mitigating such intrusions, particularly when targeting critical public infrastructure.



About Author

en_USEnglish