Key facts
- Multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns.
- Groups associated with China and India were linked to these campaigns.
- The intrusions occurred between February 2024 and April 2026.
- Targets included Balochistan police, Khyber Pakhtunkhwa police, Islamabad police, and the Punjab Safe Cities Authority.
- The campaigns aimed to gather intelligence on Pakistan's security challenges, including militant violence and tensions with Afghanistan.
Multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns linked to groups associated with China and India, according to cybersecurity firm SentinelOne. The researchers found evidence of these intrusions between February 2024 and April 2026.
The campaigns provide insight into foreign efforts to gather information on Pakistan's security challenges, such as militant violence, tensions with Afghanistan, and its economic collaboration with China. Aleksandar Milenkoski, a principal threat researcher at SentinelOne, noted that multiple cyberespionage actors targeting law enforcement institutions of a single state signals the high value of these targets, as they hold critical internal security information.
The targeted agencies are responsible for monitoring internal and external threats and coordinating law enforcement responses. The Balochistan police, serving Pakistan's southwestern province, was a notable target. The report indicated that Chinese interest might stem from concerns over the safety of Chinese nationals working in Pakistan, who have faced deadly attacks. Interest from groups linked to India could be related to bilateral tensions and Pakistan's broader security posture.
Other entities targeted included the Khyber Pakhtunkhwa police, the Islamabad police, and the Punjab Safe Cities Authority. The Khyber Pakhtunkhwa police stated that while one end-user's login credentials were compromised during a period of heightened Pakistan-India tensions, there is no evidence that any core police systems, networks, or critical applications were successfully breached.
The Chinese Embassy in Washington stated that China firmly opposes and combats all forms of cyberattacks in accordance with the law and does not permit such illegal activities from its territory or infrastructure. The Indian Embassy in Washington did not respond to questions regarding the analysis.
