Back to advisories

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

State-sponsored threat actors compromised Pakistani police web applications between February 2024 and April 2026, deploying PlugX, ShadowPad, Cobalt Strike, and Remcos RAT to exfiltrate sensitive law enforcement and citizen data. If your organization shares infrastructure, data pipelines, or personnel access with Pakistani law enforcement entities, you may be in scope. This represents sustained espionage with custom tooling suggesting significant adversary resources.

HIGHAdvisoryJul 13, 2026
Action required
Hunt for PlugX, ShadowPad, Cobalt Strike, and Remcos RAT indicators across your network immediately. Prioritize endpoints with law enforcement data access, API integrations to Pakistani authorities, or shared cloud infrastructure. Cross-reference IOCs with your EDR and proxy logs dating back to February 2024.