🟠 High | Source: The Hacker News
Suspected China- and India-aligned threat actors conducted sustained cyber espionage campaigns against Pakistani law enforcement agencies, including the Balochistan Police, between February 2024 and April 2026. Attackers compromised web application servers hosting sensitive police and citizen data. The incident highlights how public-sector web portals managing sensitive personal and law enforcement data remain high-value espionage targets.
Security Architect’s Take: Review the security posture of any internet-facing web applications that handle sensitive operational or citizen data — ensure strict network segmentation, web application firewall (WAF) coverage, and regular authenticated vulnerability scanning are in place, particularly for legacy or under-resourced government-facing systems.
Original advisory: Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns