Snowblind – The Invisible Hand of Secret Blizzard

Secret Blizzard compromised command-and-control (C2) infrastructure used by Storm-0156, a Pakistan-based threat actor, to gain access to the networks and data of Storm-0156’s targets. They leveraged Storm-0156’s existing access to deploy their own malware, “TwoDash” and “Statuezy,” into Afghan government networks. They also potentially acquired Storm-0156’s tools, C2 and target network credentials, and exfiltrated data from previous operations.