A new campaign reveals the DoNot APT group's expansion into European diplomatic targets using sophisticated spear-phishing, malware, and cloud-based tactics. The campaign demonstrates the group's evolving methods and intent to gather sensitive political and military intelligence in Europe. #DoNotAPT #LoptikMod
Key points
- The DoNot APT group has targeted a European foreign affairs ministry with advanced espionage techniques.
- The attack started with spear-phishing emails impersonating defense officials and using cloud links for infection.
- The malware employs obfuscation, anti-VM techniques, and dynamic API loading to evade detection.
- Infection involves multi-stage payloads that establish persistent command and control access.
- The group's activities indicate a focus on gathering political, military, and economic intelligence in Europe.