Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1826+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. China and India Ran Separate Spying Campaigns Against the Same Pakistani Police Force
China and India Ran Separate Spying Campaigns Against the Same Pakistani Police Force
NEWS

China and India Ran Separate Spying Campaigns Against the Same Pakistani Police Force

SentinelOne Labs uncovered parallel nation-state espionage operations by China-linked and India-linked threat actors targeting Pakistani law enforcement, compromising biometric data, criminal records, and personnel files.

Dylan H.

News Desk

July 10, 2026
3 min read

Researchers at SentinelOne Labs published findings on July 9, 2026, revealing that hacking groups linked to both China and India independently conducted espionage campaigns against Pakistani law enforcement — simultaneously, without apparent coordination, and targeting many of the same systems.

What Was Targeted

The primary target was the Balochistan Police, the force responsible for Pakistan's volatile southwestern province, which has been a hotspot for insurgency activity and recent deadly attacks on Chinese nationals. Secondary targets included the Khyber Pakhtunkhwa Police, the Islamabad Police, and the Punjab Safe Cities Authority.

Compromised data included:

  • Criminal records and case files
  • Biometric and fingerprint data
  • Personnel records and HR files
  • Hotel and tenant registration databases
  • National identity records
  • Citizen complaint submissions

China-Linked Actor TTP

The China-linked threat group exploited the Balochistan Police Complaint Management System (CMS), planting malicious files disguised as legitimate software updates. The payloads deployed:

  • AsyncRAT — disguised as Qihoo 360 security software, a well-known Chinese antivirus product, likely chosen to evade suspicion
  • A Rust-based loader that fetched additional payloads from remote infrastructure

SentinelOne assessed that China's interest is tied to protecting the safety of Chinese nationals working on Pakistan's China-Pakistan Economic Corridor (CPEC) infrastructure projects, following a string of deadly attacks in the region.

India-Linked Activity

The India-linked campaign was assessed as still active as of April 2026 at the time of discovery. Researchers attributed the activity to India's broader strategic rivalry with Pakistan and alleged Indian backing of elements connected to the Baloch insurgency.

The overlapping targeting of the same police databases by two separate nation-state actors demonstrates what security researchers sometimes call "watering hole convergence" — when geopolitically motivated actors independently identify the same high-value target.

Official Responses

  • KPK Police denied that any core operational systems were breached but acknowledged a rise in attempted cyber activity coinciding with heightened India-Pakistan tensions
  • The Chinese Embassy denied any involvement
  • The Indian Embassy did not respond to requests for comment

Implications

The campaign highlights the increasing risk to law enforcement data in geopolitically sensitive regions. Biometric databases and criminal records held by police forces represent high-value intelligence targets — compromising them enables long-term tracking of individuals and provides adversaries with information about human networks.

Security teams operating in regions with CPEC projects or India-Pakistan flashpoints should audit access to law enforcement-adjacent systems and monitor for AsyncRAT indicators of compromise.

#nation-state#espionage#pakistan#asyncrat#china#india#balochistan

Related Articles

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management

Lumen Technologies discovered it had 60x more assets than previously known after consolidating 40+ disconnected inventory systems with Axonius. The revelation drove a 10x security investment increase and a cloud migration decision.

3 min read

Microsoft Reins in RoguePlanet Zero-Day After Public PoC Release

Researcher 'Nightmare-Eclipse' published a proof-of-concept exploit for a Windows Defender vulnerability in early June after dropping several other Microsoft zero-days — Microsoft has since contained the RoguePlanet threat with a security update.

4 min read

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

An unprotected 800MB server left open for three weeks exposed the full toolkit of a webshell access brokerage operation targeting 1.4 million domains. Over 25,000 sites were confirmed compromised using 27 known CVEs, with a SNOWLIGHT dropper installing a VShell implant.

3 min read
Back to all News