ISLAMABAD, Pakistan (Diya TV) — Suspected state-linked hacking groups tied to China and India separately targeted Pakistani law enforcement networks between February 2024 and April 2026, according to a report published Thursday by cybersecurity firm SentinelOne’s research division, SentinelLABS.

The report identified four distinct hacking campaigns, most notably against the Balochistan Police, which serves Pakistan’s southwestern province and has been affected by a long-running separatist insurgency. All four campaigns reached Balochistan Police systems, with one campaign planting malware inside a public-facing portal used by citizens to file complaints against police, according to the report.

Researchers classified the campaigns based on malware families and assessed their likely state affiliations at varying confidence levels. Three clusters — involving malware known as PlugX, ShadowPad and Cobalt Strike — were assessed as China-linked, based partly on malware characteristics and, in the case of the Cobalt Strike-linked campaign that included the citizen complaint portal breach, on comparisons with previous China-linked targeting patterns, including past operations against Tibetan Buddhist organizations in Taiwan. Researchers said some malware samples contained Chinese words written in Roman characters, while one contained log messages in simplified Chinese, indicating a Chinese-speaking developer was likely involved in building the tools.

A fourth cluster, involving malware known as Remcos, was assessed as India-linked and associated with a group tracked by cybersecurity company Recorded Future as TAG-179. SentinelLABS said the group’s methods showed partial overlap with groups tracked by other firms under different names, including Kaspersky’s Mysterious Elephant and Qihoo 360’s APT-C-08, also known as Bitter, though the overlap did not confirm the names referred to the same group.

Aleksandar Milenkoski, a principal threat researcher at SentinelOne, said in the report that the involvement of multiple cyberespionage actors targeting a single country’s law enforcement institutions signals the value of the target. “What draws them is a particular kind of institution: one that holds the government’s internal security picture, what it knows about the threats inside its borders, and how it acts against them,” Milenkoski wrote.

Researchers said possible motives for the China-linked activity include concerns over the safety of Chinese nationals working on Belt and Road Initiative projects in Pakistan, particularly the China-Pakistan Economic Corridor, citing past attacks on Chinese nationals in the country, including an October 2024 bombing at Karachi airport and a March 2024 suicide bombing in northwestern Pakistan.

Liu Chang, a spokesperson for the Chinese Embassy in Washington, said in an emailed statement that China “firmly opposes and combats all forms of cyberattacks in accordance with the law” and does not permit any country or individual to conduct illegal cyber activity within Chinese territory or using Chinese infrastructure. The Indian Embassy in Washington did not respond to questions about the report. The Khyber Pakhtunkhwa Police, one of the agencies referenced in related reporting, said protecting its systems remains a top priority and that no evidence indicated any core police system suffered a successful breach, though the force acknowledged an increase in attempted cyber activity during a period of heightened tension between Pakistan and India last year. The Islamabad Police, the Punjab Safe Cities Authority and Pakistan’s Ministry of Interior did not respond to requests for comment on the report.