Roshan
| Primary URL | Location | Industry | roshan[.]af |
Country
Afghanistan
|
Telecommunications
|
|---|
Profile
Roshan, also known as Roshan, is a major telecommunications provider headquartered in Afghanistan.
The organisation’s primary activity is the provision of telecommunications services within the country.
Its headquarters are located in Afghanistan, and it is publicly referenced under the alias Roshan.
In July 2020, Roshan was targeted by four distinct Chinese state‑sponsored threat groups in a coordinated cyber espionage campaign.
The attackers gained access through mail server intrusions and deployed Winnti and PlugX malware variants to maintain persistent presence.
The intrusion activity was linked to strategic intelligence collection objectives aligned with regional geopolitical developments.
Specific motives mentioned in reporting include monitoring regional stability, safeguarding Belt and Road Initiative investments, and expanding influence over critical infrastructure sectors.
The operation involved multiple uncoordinated adversary clusters identified as RedFoxtrot, Calypso APT, and two unnamed groups.
These groups conducted parallel operations that overlapped in time and objective against the telecom provider.
The compromise enabled the attackers to conduct extensive surveillance of communications traffic passing through Roshan’s networks.
Additionally, the accessed data could be used to track the movements and interactions of specific individuals of interest.