An email server controlled by the Afghan telecommunication company Roshan was targeted by a Chinese threat actor since at least early 2021. Calypso’s data exfiltration activity spiked in August and September 2021, coinciding with the United States military’s withdrawal from Afghanistan.
- Roshan, a major Afghan telecommunication company
Suspected state sponsor
Type of incident
- Private sector