DoNot APT Group Launches Sophisticated Cyber Espionage Campaign Against Italian Ministry of Foreign Affairs and Other European Nations
A sophisticated cyber espionage campaign has been uncovered, targeting the Italian Ministry of Foreign Affairs and other European nations. The attack, attributed to the DoNot APT group, began with a convincing spear-phishing email impersonating official diplomatic correspondence.
The phishing email contained a malicious Google Drive link, leading recipients to a RAR archive named SyClrLtr.rar. Upon execution, the archive deployed notflog.exe, which then triggered a batch file in the system's temporary directory. The malware established a scheduled task, 'PerformTaskMaintain', to ensure persistence and communicate with the attackers' command-and-control server every 10 minutes.
The payload was associated with LoptikMod malware, a tool exclusively used by the DoNot APT group since 2018. This recent campaign marks an expansion of the group's targets, following their initial focus on the Italian Ministry of Foreign Affairs. The ultimate goal of the attack was to establish a foothold within the target's infrastructure and exfiltrate sensitive information.
The DoNot APT group's recent activities underscore their persistent interest in gathering sensitive information from European foreign affairs ministries. As the campaign expands to include Italy and other unspecified nations, organizations are urged to remain vigilant against such targeted attacks and to implement robust cybersecurity measures.
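For defenders, the persistence pattern described above can be triaged from scheduled-task definitions. The following is an added example, not code from the original report: it inspects task XML (as carried in the TaskContent field of Windows Security event 4698, or exported with `schtasks /query /xml`) for the reported task name and for a repetition interval of 10 minutes or less combined with an action that runs from a temporary directory. The sample XML, the `example.bat` file name and the temp-path heuristic are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
IOC_TASK_NAME = "performtaskmaintain"  # task name reported on this page
MAX_INTERVAL_S = 600                   # page: C2 contact every 10 minutes
# Assumed heuristic (not from the report): actions launched from temp paths.
TEMP_HINTS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%")

# Constructed sample, not captured from the campaign: a task definition that
# repeats every 10 minutes and runs a batch file from the user's temp folder.
SAMPLE_XML = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT10M</Interval></Repetition>
  </TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\Users\user\AppData\Local\Temp\example.bat</Command></Exec></Actions>
</Task>"""

def interval_seconds(iso):
    """Convert an ISO 8601 duration such as PT10M to seconds (None if unparsable)."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso or "")
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def assess_task(task_name, task_xml):
    """Return the list of reasons a task definition deserves triage (empty if none)."""
    root = ET.fromstring(task_xml)
    reasons = []
    if task_name.rsplit("\\", 1)[-1].lower() == IOC_TASK_NAME:
        reasons.append("name matches reported task PerformTaskMaintain")
    intervals = [interval_seconds(e.text)
                 for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    fast = any(i is not None and i <= MAX_INTERVAL_S for i in intervals)
    cmds = [(e.findtext("t:Command", "", NS) + " " + e.findtext("t:Arguments", "", NS)).lower()
            for e in root.iterfind(".//t:Actions/t:Exec", NS)]
    in_temp = any(hint in cmd for cmd in cmds for hint in TEMP_HINTS)
    if fast and in_temp:
        reasons.append("repeats every <=10 min and runs from a temp directory")
    return reasons

if __name__ == "__main__":
    print(assess_task("\\PerformTaskMaintain", SAMPLE_XML))
```

The behavioural check still fires if the task is renamed, which is why it is evaluated independently of the name match.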