Poor Balochistan Police.
For years it has struggled with insurgencies, terrorism, political violence and the unenviable task of policing Pakistan’s most volatile province.
Now it can add another distinction to its résumé: becoming the digital equivalent of the last slice of pizza at a party. Everybody wants it.
According to a report by cybersecurity researchers at SentinelLABS, state-linked cyber actors associated with both China and India spent more than two years independently trying to burrow into Pakistani law enforcement networks.
The campaigns, tracked between February 2024 and April 2026, targeted several institutions, but one agency kept appearing in the crosshairs: Balochistan Police.
It’s a rare moment of geopolitical consensus. Beijing and New Delhi agree on almost nothing. But apparently, when it comes to Pakistani police databases, both looked at the same target and thought, “Now that’s interesting.”
The motivations, however, couldn’t be more different.
For China, the concern is straightforward. Thousands of Chinese engineers, workers and companies are involved in projects linked to the China-Pakistan Economic Corridor (CPEC). Those investments have increasingly come under attack from Baloch insurgent groups, with deadly assaults on Chinese nationals becoming a recurring diplomatic headache.
Official reassurances from Islamabad have done little to calm nerves in Beijing. If you’re no longer convinced your partner has the full picture—or is telling you everything—you might decide to collect the information yourself.
According to SentinelLABS, access to Balochistan Police systems could provide Chinese intelligence with a direct view of militant activity, investigations, security deployments and threats to Chinese personnel, bypassing Pakistani intermediaries altogether.
Trust, after all, is important in international relations. Verification is apparently even more important.
India’s interest lies elsewhere.
For Indian-linked “threat actors”, as the report describes them, Pakistani law enforcement networks represent an unusually rich source of intelligence about Islamabad’s internal security posture. Police databases, operational communications and network infrastructure can reveal how Pakistan responds to insurgencies, manages border security, tracks militant organisations and coordinates internal operations.
In other words, while China appears interested in protecting its citizens and investments, India would be more interested in understanding Pakistan’s security architecture itself.
Different destinations. Same train.
The report describes what cybersecurity professionals call “target convergence”—multiple independent espionage campaigns arriving at the same conclusion about which network offers the highest intelligence value.
The Chinese-linked campaign reportedly deployed malware through the Balochistan Police’s public-facing Complaint Management System. Victims were shown reassuring messages such as “Update complete, please refresh” while malicious code quietly established a foothold.
There is something almost poetic about cyber espionage. In spy films, agents rappel down skyscrapers and crack biometric vaults. In real life, someone clicks what looks like an ordinary software update.
The Indian-linked activity, according to the researchers, focused more broadly on network infrastructure and appeared to intensify during periods of heightened tensions between India and Pakistan.
The overlap extended beyond Balochistan.
Researchers also identified targeting of Islamabad Police, the Punjab Safe Cities Authority which operates sophisticated surveillance and command systems across Punjab, and Khyber Pakhtunkhwa Police.
The latter acknowledged an isolated compromise involving an end-user credential but denied that core applications or operational systems had been breached.
Cybersecurity reporting often exists in uncomfortable shades of grey. A successful phishing attempt against one employee is not the same as an intelligence service roaming freely through national security databases. Equally, denying a catastrophic breach does not necessarily mean adversaries weren’t knocking on the door.
As always in cyberspace, certainty is a luxury.
China, for its part, rejected the allegations. A spokesperson for the Chinese Embassy in Washington said China firmly opposes all forms of cyberattacks and does not allow its infrastructure to be used for malicious cyber activity.
Indian officials did not immediately comment publicly on the report, while Pakistan’s Ministry of Interior also did not initially respond to requests for comment.
None of this will surprise seasoned observers of cyber espionage. Nation-states routinely collect intelligence in cyberspace, particularly against neighbouring rivals, conflict zones and strategically significant infrastructure.
What makes the SentinelLABS findings notable is not that governments spy. The unusual part is the convergence.
Independent threat groups, linked to competing geopolitical powers with entirely different priorities, all decided that one provincial police force in Pakistan had become one of the most valuable intelligence repositories in South Asia.
That says less about the hackers than it does about the information Balochistan Police possesses.
The province sits at the crossroads of separatist violence, terrorism, cross-border militancy, Chinese infrastructure projects and Pakistan’s wider internal security challenges. Any organisation collecting data on all of that inevitably becomes attractive—not just to investigators, but to foreign intelligence agencies as well.
One can almost imagine an overworked Pakistani cybersecurity administrator opening yet another intrusion alert and wondering whether this one is Beijing, New Delhi or simply Tuesday.
For Balochistan Police, none of this is amusing. It is a reminder that in the digital age, police stations don’t merely guard information. Increasingly, they are the information everyone wants to steal.
Pakistan’s ISPR will probably have plenty to say about the alleged India-linked activity. The harder press briefing may be the one explaining why the fingerprints of its “Iron Brother” turned up in the same report.





