
A cybersecurity company has released a report claiming that Pakistani police networks were targeted by hacking groups linked to both China and India in a series of separate cyberattack campaigns.
SentinelOne, a cybersecurity firm based in Mountain View, California that specializes in AI-driven threat defense, published the report on Thursday. It found evidence of multiple intrusions carried out by hacking groups associated with both countries between February 2024 and April 2026.
The most significant target identified in the report was the Balochistan Police, which serves Pakistan’s southwestern province. According to SentinelOne, the compromised assets there included network equipment, web servers, and online applications — among them a complaint management system containing both police and citizen data, including criminal and biometric records. Researchers say a suspected China-linked actor embedded custom malicious software into one of those web applications.
Aleksandar Milenkoski, a principal threat researcher at SentinelOne, wrote in the report that “When multiple cyberespionage actors operate against law enforcement institutions of a single state, the convergence itself is a signal of target value.”
Beyond Balochistan, the report identified additional targets including the Khyber Pakhtunkhwa Police, the Islamabad Police, and the Punjab Safe Cities Authority.
SentinelOne said the China-linked hacking activity relied on tools including PlugX, ShadowPad, and Cobalt Strike. Researchers believe the motivation was primarily concern for the safety of Chinese nationals working in Pakistan, particularly those connected to China-Pakistan Economic Corridor projects, following a series of attacks by groups such as the Balochistan Liberation Army.
The India-linked activity, associated with a tool called Remcos and actors identified as TAG-179, focused heavily on Balochistan. The report suggests this stemmed from the broader rivalry between India and Pakistan, with hackers seeking intelligence on how the province manages its security amid ongoing accusations between the two countries over support for militant groups.
The Khyber Pakhtunkhwa Police acknowledged that one user login credential had been compromised but said no core systems were accessed. The Balochistan Police and other agencies did not respond to requests for comment. China denied any involvement in such activities, while India had not commented on the report at the time of publication.
SentinelOne noted that Pakistani law enforcement agencies are attractive targets for foreign intelligence-linked hackers because they hold detailed information about the country’s internal security situation, including threats and responses to them — drawing interest from both a strategic partner and a regional rival.
The report comes as Pakistan faces a significant increase in terrorist violence, especially in Khyber Pakhtunkhwa and Balochistan, where security forces have experienced frequent attacks and insurgent activity has grown more intense.
As of now, no official government source has confirmed or denied the report’s findings.








