The China-linked Calypso APT group was observed to be targeting vulnerable Microsoft Exchange servers to deploy web shells and eventually load the PlugX malware.