Multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns linked to groups associated with China and India, according to a report released on Thursday by cybersecurity firm SentinelOne. 

Aleksandar Milenkoski, a principal threat researcher at SentinelOne, wrote in the report published on Thursday that “When multiple cyberespionage actors operate against law enforcement institutions of a single state, the convergence itself is a signal of target value”. 

SentinelOne, headquartered in Mountain View, California, is a major player in modern cybersecurity, focusing on proactive, AI-driven defense against sophisticated attacks. 

According to the SentinelOne report, researchers found evidence of multiple hacking campaigns and intrusions carried out by Chinese and Indian-linked hacking groups between February 2024 and April 2026, most notably against the Balochistan Police, which serves Pakistan’s southwestern province. 

The report said the affected assets at Balochistan Police included network appliances, web servers, and several online applications, including the complaint management System that handles police and citizen data such as criminal and biometric records. 

It further stated that a suspected China-linked actor placed custom implants in one of these web applications used by both police staff and citizens. 

According to SentinelOne, other targets included the Khyber Pakhtunkhwa Police, the Islamabad Police, and the Punjab Safe Cities Authority. 

The report said the China-linked activity, involving tools such as PlugX, ShadowPad, and Cobalt Strike, appeared to be motivated primarily by concerns over the safety of Chinese nationals working in Pakistan, particularly in connection with China-Pakistan Economic Corridor projects, following repeated attacks by groups such as the Balochistan Liberation Army. 

It further said the India-linked activity, associated with Remcos and actors such as TAG-179, focused especially on Balochistan and likely stemmed from the broader rivalry with Pakistan, seeking insight into how the province’s security is managed amid mutual accusations of supporting militancy. 

According to the report, the Khyber Pakhtunkhwa Police acknowledged that one end-user login credential was compromised but stated that no core systems were breached. 

The report noted that the Balochistan Police and other agencies did not respond to requests for comment. It also said China denied involvement in such activities, while India had not commented on the report. 

According to SentinelOne, Pakistani law enforcement organizations are attractive targets because they hold detailed information on the country’s internal security picture, threats within its borders, and responses to them, drawing interest from both a strategic partner and a rival. 

The findings come at a time when Pakistan is grappling with a sharp rise in terrorist violence, particularly in Khyber Pakhtunkhwa and Balochistan, where security forces have faced frequent attacks and insurgent activity has intensified. 

If the report’s findings are accurate, they highlight the strategic value of Pakistan’s law enforcement networks to foreign intelligence-linked cyber actors seeking insight into the country’s counterterrorism operations, security deployments, and internal threat landscape amid an increasingly volatile security environment. 

So far, no official source has issued any statement confirming or denying the report.