Overview
Researchers at cybersecurity firm SentinelOne disclosed on Thursday that multiple hacking operations linked to groups associated with China and India targeted Pakistani law enforcement agencies over a multi-year period. The report says the campaigns, observed between February 2024 and April 2026, concentrated on agencies involved in tracking internal threats and coordinating government and police responses.
Scope and methods
SentinelOne said investigators identified several intrusions and campaigns directed at law enforcement institutions across Pakistan, with the Balochistan police—a force serving the country’s southwestern province—most notably affected. According to the report, the operations targeting the Balochistan police involved network equipment, web servers and multiple online applications, including the force’s Complaint Management System. Other named targets included the Khyber Pakhtunkhwa police, Islamabad police and the Punjab Safe Cities Authority (PSCA), which manages systems used by police in major cities of Punjab province.
Why these agencies drew attention
“When multiple cyberespionage actors operate against law enforcement institutions of a single state, the convergence itself is a signal of target value,”
wrote Aleksandar Milenkoski, a principal threat researcher at SentinelOne, in a blog published alongside the report. He added,
“What draws them is a particular kind of institution: one that holds the government’s internal security picture, what it knows about the threats inside its borders, and how it acts against them.”
The report links the subject matter of interest to several national security concerns, including militant violence, frictions with Afghanistan and Pakistan’s economic collaboration with China.
Responses from diplomatic channels and local agencies
The Chinese Embassy in Washington, through spokesperson Liu Chang, responded by email, saying China "firmly opposes and combats all forms of cyberattacks in accordance with the law, and does not allow any country or individual to engage in such illegal activities within China’s territory or by using China’s infrastructure." The Indian Embassy in Washington did not provide an answer to questions about the analysis.
SentinelOne’s assessment suggested Chinese-linked interest may stem from concerns about the safety of Chinese nationals working in Pakistan, who have been targeted in deadly attacks in recent years. The firm also linked activity from groups associated with India to the broader pattern of tensions between India and Pakistan and to Pakistan’s security posture.
Local agency statements and clarifications
The Khyber Pakhtunkhwa police issued a public statement emphasizing that security of its systems is "a matter of the highest priority," and asserting that "there is no evidence that any core KP police system, network, or critical application has been successfully compromised." The statement additionally noted that during the period of heightened Pakistan-India tensions last year, KP Police experienced an increase in attempted cyber activities, and that in "one isolated incident, the login credentials of an end user were compromised."
The SentinelOne report said the Balochistan police did not respond to a request for comment. The Islamabad Police, PSCA and Pakistan's Ministry of Interior also did not reply to requests for comment, according to the report.
Takeaway
SentinelOne’s findings portray a pattern of interest by multiple foreign-linked cyber actors in Pakistan’s law enforcement infrastructure. The firm's analysis focuses on the types of systems targeted and the national-security-related information those systems hold, without asserting definitive attribution beyond noting links to groups associated with China and India.