One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement
Essential information
- Published
- 10/07/2026 00:16
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- asyncrat balochistan police china-nexus cobalt strike cyberespionage india-nexus law enforcement targeting pakistan plugx remcos shadowpad
- Related entities
- 21 indicators, 17 observables, 1 intrusion sets (apt), 17 techniques (mitre), 7 malware
Description
Between February 2024 and April 2026, multiple cyberespionage actors, suspected to be China-nexus and India-nexus threat groups, conducted sustained intrusions into Pakistani law enforcement organizations, particularly Balochistan Police. The compromised infrastructure included network appliances and servers hosting web applications managing criminal records, biometric data, hotel registrations, and citizen complaints. A suspected China-nexus actor weaponized the Complaint Management System web application by deploying custom implants disguised as portal updates, targeting both police personnel and citizens. China's likely motivation stems from concerns over the safety of Chinese nationals in Pakistan, particularly regarding attacks by separatist groups. India's suspected interest relates to its adversarial relationship with Pakistan, with Balochistan Police offering intelligence on security operations in a strategically sensitive province. The attackers deployed PlugX, ShadowPad, Cobalt Strike, Remcos, an...