defense · TheHackerNews
Between February 2024 and April 2026, multiple threat actors conducted sustained cyber espionage against Pakistani law enforcement organizations, according to research by SentinelOne. Attackers compromised network appliances and web servers at Balochistan Police and other agencies, gaining access to systems managing biometric records, criminal case files, hotel and tenant registrations, and personnel data. A China-nexus actor deployed a custom implant via the Complaint Management System (CMS) portal—a public-facing application used by both police staff and citizens—by masquerading updates as legitimate system patches. Four distinct malware families were identified: PlugX, ShadowPad, Cobalt Strike, and Remcos RAT, with the latter attributed to India-nexus operators and the former three traditionally linked to Chinese state-aligned groups.
For Omniware's buyers—particularly defense contractors and government agencies handling sensitive law enforcement data—this incident underscores the risk of supply-chain compromise and public-facing application exploitation. Organizations managing citizen data or government records should assess whether similar web portals lack adequate input validation, patch management, or network segmentation controls. SaaS and managed service providers supporting government or law enforcement should review their incident response procedures for detecting suspicious portal updates and lateral movement across internal infrastructure. An Omniware engagement can scope the extent of detective controls, access logging, and application hardening required for regulated environments handling classified or sensitive personal information.
Source: The Hacker News - https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html
Source: TheHackerNews
All briefings