⚠️ Region Alert: UAE/Middle East
Cybersecurity researchers have identified a sustained cyber espionage campaign targeting multiple Pakistani law enforcement agencies, including the Balochistan and Islamabad Police. Attributed to threat actors aligned with both China and India, the operations spanned from February 2024 to April 2026. The attackers successfully compromised servers and network appliances hosting sensitive data such as biometric records, criminal case files, and national identity registrations.
The intrusion sets utilized a variety of malware, including PlugX, ShadowPad, Cobalt Strike, and Remcos RAT. In one notable instance, a China-linked actor hijacked a Complaint Management System (CMS) to deliver custom Rust-based and .NET implants disguised as portal updates. This convergence of multiple state-sponsored actors on the same targets highlights the strategic value of Pakistan's internal security and citizen data to regional adversaries.
Top comments (0)