Multiple Pakistani law enforcement agencies were targeted in separate cyber campaigns linked to hacking groups associated with China and India, according to new findings released by cybersecurity company SentinelOne. The report provides fresh insight into foreign cyber espionage activities directed at Pakistan’s security institutions and highlights growing interest in the country’s internal security landscape, including militant violence, relations with Afghanistan, and economic cooperation with China. Researchers stated that the targeting of multiple law enforcement organizations by different threat actors demonstrates the strategic importance of institutions that collect and manage information related to national security and internal threats.
SentinelOne said it uncovered evidence of multiple hacking campaigns and intrusions conducted by groups linked to China and India between February 2024 and April 2026. The operations primarily targeted agencies responsible for monitoring threats and coordinating responses between law enforcement bodies and government institutions. Aleksandar Milenkoski, Principal Threat Researcher at SentinelOne, noted that when several cyber espionage groups focus on law enforcement institutions within a single country, it signals the value of the information held by those organizations. According to the report, these institutions possess critical intelligence regarding security challenges inside the country and maintain insight into how authorities identify and respond to those threats. Researchers identified the Balochistan Police as one of the most significant targets in the campaigns.
The report stated that Chinese interest in Pakistani law enforcement agencies may be linked to concerns surrounding the security of Chinese nationals working in Pakistan, several of whom have been victims of deadly attacks in recent years. Meanwhile, activity linked to Indian groups may be associated with longstanding tensions between the two countries and Pakistan’s broader security posture. According to Milenkoski, operations targeting Balochistan Police involved network equipment, web servers, and several online applications, including the force’s Complaint Management System. Additional targets included Khyber Pakhtunkhwa Police, Islamabad Police, and Punjab Safe Cities Authority, an autonomous government organization that manages technology systems used by police departments in major cities across Punjab.
Responding to the report, Liu Chang, spokesperson for Chinese Embassy in Washington, said in an emailed statement that China firmly opposes and combats all forms of cyberattacks in accordance with the law and does not permit any country or individual to engage in such activities using Chinese territory or infrastructure. Indian Embassy in Washington did not respond to questions regarding the findings. Khyber Pakhtunkhwa Police also issued a statement emphasizing that the security of its systems remains a top priority and said there is no evidence that any of its core systems, networks, or critical applications were successfully compromised. The agency acknowledged that during heightened Pakistan and India tensions last year, it experienced an increase in attempted cyber activities and confirmed that in one isolated incident the login credentials of an end user were compromised. Balochistan Police, Islamabad Police, Punjab Safe Cities Authority, and Ministry of Interior did not respond to requests for comment regarding the report’s findings.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.