216.73.216.86

One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement

· Published 10/07/2026 00:16

Export JSON

Essential information

Published
10/07/2026 00:16
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
asyncrat balochistan police china-nexus cobalt strike cyberespionage india-nexus law enforcement targeting pakistan plugx remcos shadowpad
Related entities
21 indicators, 17 observables, 1 intrusion sets (apt), 17 techniques (mitre), 7 malware

Description

Between February 2024 and April 2026, multiple actors, suspected to be and India-nexus threat groups, conducted sustained intrusions into Pakistani law enforcement organizations, particularly Balochistan Police. The compromised infrastructure included network appliances and servers hosting web applications managing criminal records, biometric data, hotel registrations, and citizen complaints. A suspected actor weaponized the Complaint Management System web application by deploying custom implants disguised as portal updates, targeting both police personnel and citizens. China's likely motivation stems from concerns over the safety of Chinese nationals in , particularly regarding attacks by separatist groups. India's suspected interest relates to its adversarial relationship with , with Balochistan Police offering intelligence on security operations in a strategically sensitive province. The attackers deployed , , , , an...

External references