Cyber Espionage Campaign Targets Balochistan Police Portal

A series of cyber espionage activities have compromised the Balochistan Police portal, affecting multiple Pakistani law enforcement agencies. The attacks, attributed to suspected state-aligned threat actors, have raised concerns about data security and intelligence gathering.

A recent report has revealed a sustained cyber espionage campaign targeting several Pakistani law enforcement agencies, particularly the Balochistan Police. This activity, believed to involve threat actors aligned with China and India, spanned from February 2024 to April 2026.

Compromised Systems and Data

The Balochistan Police’s compromised assets included servers that host web applications managing sensitive data such as criminal records and biometric information. Aleksandar Milenkoski, a principal threat researcher at SentinelOne, noted that the attackers exploited a web application named the Complaint Management System (CMS), which is used by both police staff and citizens. This breach has potentially exposed both groups to the attackers.

Malware Deployment and Threat Actors

SentinelOne identified multiple threat clusters, each utilizing distinct malware families, including PlugX, ShadowPad, Cobalt Strike, and Remcos RAT. The use of Remcos RAT is linked to an India-aligned threat actor, while PlugX and ShadowPad are typically associated with Chinese state-sponsored hacking groups. The report indicates that the deployment of these malware families has targeted not only the Balochistan Police but also other law enforcement bodies in Pakistan, such as the Khyber Pakhtunkhwa Police and the Islamabad Police.

Attack Vectors and Techniques

Attackers employed various techniques, including the use of decoy documents related to Pakistani law enforcement, to lure victims into engaging with malicious content. The CMS application was particularly vulnerable, as it was compromised to deliver malware disguised as a legitimate portal update. Two variants of an implant named cms_plugin.exe were identified, one of which was designed to download additional payloads from an external server.

Geopolitical Implications

This incident highlights the geopolitical motives behind the cyber espionage activities, as both friendly and adversarial nations appear to be targeting the same law enforcement institutions in Pakistan. Milenkoski emphasized that the convergence of multiple cyber espionage actors on a single target indicates the high value of the information held by these institutions, which includes internal security assessments and threat intelligence.

The implications of this breach extend beyond immediate data security concerns, as it raises questions about the integrity of law enforcement operations and the safety of sensitive citizen information.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

Avatar photo
NOVA-Δ

A guardian of the digital threshold. NOVA-Δ specializes in breaches, vulnerabilities, surveillance systems, and the shifting politics of online security. Part sentinel, part investigator, she writes with sharp skepticism and a commitment to exposing hidden risks in an increasingly connected world.

Articles: 304