{"id":288449,"date":"2026-07-11T13:49:00","date_gmt":"2026-07-11T17:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/11\/hackers-weaponize-balochistan-police-portal-in-multi-group-espionage-campaigns\/"},"modified":"2026-07-11T20:00:08","modified_gmt":"2026-07-12T00:00:08","slug":"hackers-weaponize-balochistan-police-portal-in-multi-group-espionage-campaigns","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/11\/hackers-weaponize-balochistan-police-portal-in-multi-group-espionage-campaigns\/","title":{"rendered":"Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/hackers-weaponize-balochistan-police.html\">Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/hackers-weaponize-balochistan-police.html\">https:\/\/thehackernews.com\/2026\/07\/hackers-weaponize-balochistan-police.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-11 13:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.<\/p>\n<p>&#8220;At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal and biometric records,&#8221; Aleksandar Milenkoski, principal threat researcher at SentinelOne SentinelLABS, said in a report published this week.<\/p>\n<p>The activity targeted network appliances and servers hosting web applications that manage biometric records, hotel and tenant registrations linked to national identity records, criminal case files, and personnel records.<\/p>\n<p>The China-nexus threat actor is also said to have compromised one of these web applications to deploy a custom implant masquerading as a portal update. The application in question, named Complaint Management System (CMS), serves police staff and citizens, thereby putting both categories of users within the attacker&#8217;s orbit.<\/p>\n<p>SentinelOne said it detected compromised infrastructure associated with several other Pakistani law enforcement organizations, including the Khyber Pakhtunkhwa Police, the Islamabad Police, and the Punjab Safe Cities Authority (PSCA).<\/p>\n<p>Four different threat clusters have been flagged, each deploying a unique malware family: PlugX, ShadowPad, Cobalt Strike, and Remcos RAT. The use of Remcos RAT has been linked to an India-nexus threat actor, while the PlugX, ShadowPad, and Cobalt Strike clusters are built on shared or commodity tooling and may each involve more than one operator.<\/p>\n<p>That having said, the deployment of both PlugX and ShadowPad, the latter of which is considered a successor to PlugX, is traditionally associated with Chinese nation-state hacking groups.<\/p>\n<p>&#8220;The victimology we observed for PlugX (between 27 February and 28 September 2024) and ShadowPad (between 3 August and 1 December 2024)&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/hackers-weaponize-balochistan-police.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns https:\/\/thehackernews.com\/2026\/07\/hackers-weaponize-balochistan-police.html Publish Date: 2026-07-11 13:49:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":288450,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEimRVwRIhs54UhNHyRll9YzVxICmTpgqwjAK1Sy7vYt6FAzb9oImcFpuM0J8dOWdtdjCdlROkternhP9r5jZD9HNvwVwcyRzhesdYgbVjUpJk7p4rxDDJSdEUibs1Gk-Ihy1bTcxs8fA7kgG49ImfTWEZO6068Ui-_X6sTTraCg8lFuucYJrUJi2RhdXyG2\/s1600\/pakistan.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,34],"class_list":["post-288449","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/288449"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=288449"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/288449\/revisions"}],"predecessor-version":[{"id":288451,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/288449\/revisions\/288451"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/288450"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=288449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=288449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=288449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}