Hackers Exploit Balochistan Police Portal in Coordinated Espionage Campaigns

Published:

spot_img

Hackers Exploit Balochistan Police Portal in Coordinated Espionage Campaigns

Cybersecurity researchers have unveiled a significant cyber espionage campaign targeting multiple Pakistani law enforcement agencies, attributed to threat actors believed to be aligned with China and India. This activity, which spanned from February 2024 to April 2026, raises serious concerns about the security of sensitive governmental data and the implications for national security.

Targeting Law Enforcement Infrastructure

The Balochistan Police were notably affected, with compromised assets including servers that host critical web applications managing police and citizen data, such as criminal and biometric records. Aleksandar Milenkoski, principal threat researcher at SentinelOne, highlighted the severity of the breach, stating that the attackers accessed infrastructure managing sensitive information related to criminal case files and personnel records.

The attackers exploited vulnerabilities in network appliances and servers, specifically targeting web applications that handle biometric records and national identity-linked registrations. One of the compromised applications, the Complaint Management System (CMS), serves both police staff and citizens, effectively placing both user groups within the attackers’ reach.

SentinelOne’s analysis revealed that several other Pakistani law enforcement organizations, including the Khyber Pakhtunkhwa Police, Islamabad Police, and the Punjab Safe Cities Authority (PSCA), were also affected by this coordinated attack.

Diverse Malware Deployment

The investigation identified four distinct threat clusters, each utilizing unique malware families: PlugX, ShadowPad, Cobalt Strike, and Remcos RAT. The Remcos RAT has been linked to an India-aligned threat actor, while the other malware families are associated with Chinese nation-state hacking groups. The deployment of PlugX and ShadowPad, the latter being a successor to PlugX, is particularly concerning as these tools have a history of being used in sophisticated cyber espionage operations.

SentinelOne noted that the victimology associated with PlugX and ShadowPad extends beyond Pakistani law enforcement, encompassing various entities across South, Southeast, Central, and East Asia, as well as the Arabian Peninsula and Southeast Europe. This pattern aligns with the intelligence-gathering objectives of China-aligned threat actors.

Implications for Regional Security

The Remcos-related intrusion set shares infrastructure and tactics with a group known as Mysterious Elephant, which has connections to other India-aligned adversaries. This overlap underscores the geopolitical dimensions of the cyber threats facing Pakistan, as both allied and adversarial nations appear to be targeting the same institutions for intelligence purposes.

Attack chains employed by the hackers have utilized lures related to Pakistani law enforcement, including decoy documents that claim to outline operational plans for the repatriation of illegal foreigners, such as Afghan Citizen Card holders. This tactic not only demonstrates the attackers’ sophistication but also highlights the potential for misinformation and further destabilization within the region.

Compromised Assets and Malware Delivery Mechanisms

Further analysis of the Balochistan Police’s compromised assets revealed that between June 2, 2024, and April 9, 2026, two network appliances, web servers associated with the Smart Police Station digitalization initiative, and a Fortinet FortiMail appliance were breached. One of the infected applications, the CMS, is critical for registering and resolving citizen complaints.

Two variants of an implant named “cms_plugin.exe” were discovered on the CMS platform. One variant is a Rust stager designed to download additional payloads, while the other masquerades as a legitimate executable used by Qihoo 360 Total Security, allowing the attackers to implement an AsyncRAT client.

The implications of these breaches are profound. The convergence of multiple cyber espionage actors targeting a single institution signals the high value placed on the data held by law enforcement agencies. Milenkoski emphasized that such institutions hold vital intelligence regarding internal security and threats, making them prime targets for foreign adversaries.

Conclusion

The exploitation of the Complaint Management System by cyber adversaries not only jeopardizes the integrity of law enforcement operations in Pakistan but also transforms a tool intended to enhance public accountability into a vehicle for malware distribution. This incident underscores the critical need for robust cybersecurity measures within governmental institutions, particularly in regions facing complex geopolitical dynamics.

As cyber threats continue to evolve, the necessity for enhanced security protocols and international cooperation in combating cyber espionage becomes increasingly apparent.

Source: thehackernews.com

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

UAE Strengthens Leadership as Top Arab Nation in 2026 Environmental Performance Index

UAE Strengthens Leadership as Top Arab Nation in 2026 Environmental Performance Index The United Arab Emirates (UAE) has achieved the top position among Arab nations...

Compromised jscrambler 8.14.0 npm Release Risks Developer Secrets with Malicious Infostealer

Compromised jscrambler 8.14.0 npm Release Risks Developer Secrets with Malicious Infostealer A significant security incident has emerged with the release of version 8.14.0 of the...

Vietnamese Developers Accelerate Urban Transformation with Innovative Ecosystem Models

Vietnamese Developers Accelerate Urban Transformation with Innovative Ecosystem Models HO CHI MINH CITY, VIETNAM - As global urban challenges become more complex, Vietnamese developers are...

OpenAI Strengthens Indian Language AI with Localized Tools and Educational Features

OpenAI Strengthens Indian Language AI with Localized Tools and Educational Features India has emerged as OpenAI’s second-largest market globally, driven by a vast, mobile-first population...