Italian Foreign Ministry Targeted in Sophisticated DoNot APT Cyber Espionage Campaign
The Italian Ministry of Foreign Affairs has been targeted in a sophisticated cyber espionage campaign by the DoNot APT group. The attack, which began with a spear-phishing email, aimed to establish a foothold within the ministry's infrastructure and exfiltrate sensitive information.
The campaign started with an email from a spoofed Gmail address, mimicking official diplomatic correspondence. The email contained a malicious RAR archive, SyClrLtr.rar, which deployed notflog.exe and a batch file, djkggosj.bat. The malware established a scheduled task to maintain persistence, communicating with the attackers' command-and-control server every 10 minutes.
The payload was associated with LoptikMod malware, which has been used exclusively by the DoNot APT group since 2018. The attack demonstrated a sophisticated approach to evading detection, using legitimate services and carefully crafted spear-phishing tactics to bypass initial security defenses. The group impersonated European defense officials and lured targets into clicking a malicious Google Drive link.
The DoNot APT group conducted this as a multi-stage cyber espionage campaign. The recent targeting of a European foreign affairs ministry highlights the group's expanding scope and persistent interest in gathering sensitive information. Its use of LoptikMod malware and carefully crafted tactics indicates a high level of sophistication and determination.
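For defenders, the scheduled-task persistence described above (a task firing every 10 minutes) can be triaged from Task Scheduler XML, such as the definitions stored on disk or carried in task-creation events. The following is an added example, not code from the original article or from any vendor report: the 15-minute threshold, the user-writable path heuristic, the reason labels and both sample task definitions are assumptions constructed for illustration, while the two file names are the ones reported in the article.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# File names reported in the article; the directory they ran from is not given.
PAGE_FILE_NAMES = {"notflog.exe", "djkggosj.bat"}
# Assumption: locations a standard user can usually write to (heuristic only).
USER_WRITABLE = re.compile(r"\\(users|programdata)\\|\\temp\\|%(temp|appdata|localappdata|public)%", re.I)
MAX_INTERVAL_MIN = 15  # assumption: flag repetition at or below this many minutes

# Constructed sample task definitions (paths are placeholders, not campaign data).
SUSPECT = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Triggers><TimeTrigger><Repetition><Interval>PT10M</Interval></Repetition></TimeTrigger></Triggers>
<Actions><Exec><Command>C:\Users\Public\example\djkggosj.bat</Command></Exec></Actions></Task>"""
BENIGN = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Triggers><CalendarTrigger><Repetition><Interval>PT6H</Interval></Repetition></CalendarTrigger></Triggers>
<Actions><Exec><Command>C:\Program Files\Vendor\update.exe</Command></Exec></Actions></Task>"""


def interval_minutes(duration):
    """Convert an ISO 8601 duration such as PT10M or PT1H30M to minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", duration.strip())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 1440 + h * 60 + mi + s / 60


def review_task(task_xml):
    """Return the reasons a Task Scheduler XML definition deserves triage."""
    root = ET.fromstring(task_xml)
    reasons = []
    for node in root.iterfind(".//t:Repetition/t:Interval", NS):
        minutes = interval_minutes(node.text or "")
        if minutes is not None and minutes <= MAX_INTERVAL_MIN:
            reasons.append("short_interval")
            break
    for node in root.iterfind(".//t:Exec/t:Command", NS):
        command = (node.text or "").strip().strip('"')
        if USER_WRITABLE.search(command):
            reasons.append("user_writable_path")
        if command.replace("/", "\\").rsplit("\\", 1)[-1].lower() in PAGE_FILE_NAMES:
            reasons.append("page_file_name")
    return reasons
```

A short repetition interval alone is common among legitimate updaters, so the reasons are most useful in combination and as input to analyst review rather than as a verdict.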