Islamabad - Afghan diplomats in Pakistan have been warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.
Afghan embassy sources told BBC two staff members and a generic account received alerts from Google this month.
Last week Amnesty International detailed attempts to install malware on computers and phones of activists critical of the establishment. The military did not comment on allegations intelligence services were to blame.
After the Google warning alerts were sent out, another Afghan diplomat's email account was hacked and made to send out emails, without his knowledge, containing suspicious attachments.
The emails purported to contain photographs of rallies by protesters known as the Pashtun Protection Movement (PTM). In fact the attachments appear to contain malicious files, although it was not possible to download and examine them.
A source in the Afghan embassy told BBC he was concerned that recipients of the emails sent out from the diplomat's account could believe the Afghan embassy was linked to the movement.
The email was sent to addresses publicly linked to a number of political figures in Pakistan. They include a former information minister, and a former law minister.
It was also sent to a former senator from a Pashtun nationalist party, Bushra Gohar. Ms Gohar told BBC: "I know for a fact that all my accounts are being observed… this is condemnable." She added: "Parliament needs to form a committee and look into what is going on."
An employee of the Afghan embassy and a former member of staff were also both targeted by a fake Facebook profile linked to cyber-attacks.
A report by Amnesty International released last week revealed that the profile, "Sana Halimi", had repeatedly sent malware to a human rights activist in Lahore.
One of the Afghan embassy staff members befriended by "Sana Halimi" told colleagues "she" had engaged him in conversation pretending to be an Afghan woman from the city of Herat.
The Facebook account also befriended a number of other human rights activists. One told BBC it had messaged him in a "flirtatious" manner.
In a report released last week, mobile security company Lookout documented "Sana Halimi" sending out malware via Facebook Messenger on at least two occasions.
The incidents form part of an investigation they carried out into the successful hacking of devices by a team they describe as "likely" being run by the establishment. Their report examined around 30GB of stolen data, a significant part of which appeared to have been taken from Afghan officials.
The BBC has learnt that the pictures of "Sana Halimi" were in fact stolen from the social media accounts of a 21-year-old chef in Lahore called Salwa Gardezi with no connection to Afghanistan.
Ms Gardezi is a close relative of a prominent political commentator, Ayesha Siddiqa, known for her work critiquing the military. It is not clear if her photographs were used because of this connection.
Ms Gardezi said she had only realised her pictures had been copied from her Facebook and Instagram accounts after a BBC article on the malware attacks last week. She told BBC it was "shocking" her images had been used in this way, and that she had "no connection" to political work at all.
She added that she is planning to lodge a complaint with Federal Investigation Agency as she is concerned she could wrongly be mistaken as being linked to the cyber attackers. "I want to clear my image," she said.
