Get all your news in one place.
100's of premium titles.
One app.
Start reading
The Independent UK
The Independent UK
Shweta Sharma

How hackers linked to China and India targeted Pakistan’s law ​enforcement agencies

China and India-linked hackers targeted multiple Pakistani law ​enforcement agencies over a two-year period, compromising sensitive police and citizen data, according to a new cybersecurity report.

Researchers at cybersecurity firm SentinelOne said on Thursday that they found evidence that suspected cyber attackers from India and China were active separately between 2024 and 2026.

They targeted Balochistan Police, Khyber Pakhtunkhwa Police, Islamabad Police and the Punjab Safe Cities Authority using malware associated with malware.

But it was Balochistan Police – the force that serves Pakistan’s largest province by area and is home to a long-running separatist insurgency – that became a high-value intelligence target because the region is strategically important to both China and India.

The report said Balochistan Police were the main target, with attackers compromising computer systems that managed sensitive police and public records, including biometric data, criminal case files, police personnel records, hotel and tenant registrations, and citizen complaints.

“When multiple cyber espionage actors operate against law enforcement institutions of a single state, the convergence itself is ​a signal of target value,” Aleksandar Milenkoski, a principal threat researcher at SentinelOne, wrote in a blog, published on Thursday.

This picture taken on May 23, 2018 shows a Chinese worker at a Chinese-backed power plant under construction in Islamkot in the desert in the Tharparkar district of Pakistan's southern Sindh province (AFP/Getty)
This picture taken on May 23, 2018 shows a Chinese worker at a Chinese-backed power plant under construction in Islamkot in the desert in the Tharparkar district of Pakistan's southern Sindh province (AFP/Getty)

“What draws them ​is a particular kind of institution: one that holds the government's internal security picture, what it ⁠knows about the threats inside its borders, and how it acts against them.”

The evidence offered a rare glimpse into foreign efforts to gather information on Pakistan’s longstanding security challenges, including insurgency, tensions with Afghanistan, and the country's economic collaboration with China.

While Chinese interest in the agencies could be linked to the Chinese nationals working in various infrastructure projects in Pakistan, who have been targeted in deadly attacks in recent years, India’s were related to its border tensions with Pakistan.

Hackers compromised Balochistan Police's Complaint Management System (CMS) by using malware disguised as a software update that was uploaded to the portal, potentially infecting police officers using the system and members of the public checking the status of complaints, according to the report.

A Pakistani points at a computer screen showing the hacked official website of Rawalpindi police displaying pictures of slain Al-Qaeda leader Osama bin Laden bin (top R) and former leaders of Pakistani Taliban Baitullah Mehsud (L bottom) and Hakimullah Mehsud (C bottom), both killed in two separate US drone attacks, in Islamabad (AFP/Getty)
A Pakistani points at a computer screen showing the hacked official website of Rawalpindi police displaying pictures of slain Al-Qaeda leader Osama bin Laden bin (top R) and former leaders of Pakistani Taliban Baitullah Mehsud (L bottom) and Hakimullah Mehsud (C bottom), both killed in two separate US drone attacks, in Islamabad (AFP/Getty)

The malware could have enabled attackers to gain access to the devices of officers or citizens who downloaded the fake update, according to the report.

The researchers said they linked one of the malware samples to a Chinese-speaking developer based on coding artefacts and development environment indicators found in related files.

The report said that the intrusions show “how domestic security institutions can become high-value intelligence targets when the threats they monitor overlap with foreign intelligence requirements”.

Liu Chang, the spokesperson for the Chinese Embassy in Washington, said China "firmly opposes and combats all forms of cyberattacks in accordance with the law and does not allow ​any country or individual to engage in such illegal activities within China's territory or by using China's infrastructure".

The Independent has approached the Indian government for comment.

The Khyber ⁠Pakhtunkhwa police told Reuters in a statement that security of its systems is “a matter of the highest priority”, and that “there is no evidence that any core KP police system, network, or critical application has been successfully compromised.”

“It is pertinent to mention that during the heightened ⁠Pakistan–India tensions ​last year, KP Police experienced an increase in attempted cyber activities,” the agency ​said, and that in “one isolated incident, the login credentials of an end user were compromised.”

Balochistan, Pakistan’s largest but least populous province, has long grappled with a decades-long separatist insurgency fighting for independence from Pakistan, with the movement continually driving intense clashes and geopolitical tensions. Baloch separatist groups primarily attack the Pakistani military or Chinese nationals and their interests.

It has also been the scene for attacks by the Pakistani Taliban, known as Tehrik-e-Taliban Pakistan, or TTP, a militant group separate from but allied with the Afghan Taliban. The TTP has grown stronger since the Afghan Taliban returned to power in Afghanistan in 2021.

Sign up to read this article
Read news from 100's of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.