“Why would a cyber espionage group known for its South Asian focus suddenly turn its gaze westward?” This question has stirred the intelligence and cybersecurity communities ever since DoNot APT, also recognized as APT-C-35, was identified targeting Italian government systems—an unexpected geographical pivot that breaks with the group’s established operational pattern.
DoNot APT has long been associated with cyber operations primarily within South Asia, a region where geopolitical tensions and intelligence gathering are frequent. According to cybersecurity firm Kaspersky, which first uncovered the campaign, the group’s activities have historically concentrated on exploiting vulnerabilities in neighboring countries’ government networks. Their tools and tactics include spear-phishing, custom malware, and zero-day exploits designed to exfiltrate sensitive information. Yet, recent reports indicate a shift with their intrusion attempts against Italy’s public administration, marking a significant evolution in their operational scope.

Italian cybersecurity authorities, collaborating with the European Union Agency for Cybersecurity (ENISA), have confirmed ongoing investigations into these incursions. The intrusions reportedly target systems involved in foreign policy, defense, and critical infrastructure management. “This development suggests a widening of DoNot APT’s strategic objectives and possibly an alignment with broader geopolitical ambitions,” said Stefano Mele, Deputy Director of Italy’s National Cybersecurity Agency (ACN). “It is imperative that governments worldwide remain vigilant to this expanding threat landscape.”
From a technological standpoint, DoNot APT’s activity demonstrates the increasing sophistication and adaptability of state-sponsored cyber groups. Researchers at FireEye note that the group’s malware variants have incorporated stealthier evasion techniques and improved encryption methods to bypass advanced detection systems. “The fact that they are now targeting Western institutions suggests they have grown in confidence and capability,” said Mandira Singh, a senior threat analyst at FireEye. “It challenges the assumption that certain APT groups are confined to regional operations.”
For policymakers, this escalation underscores the complexity of international cyber diplomacy. Traditionally, cyber espionage has been viewed as a tool for regional intelligence gathering, but the incursion into Italy highlights the blurring of geographical boundaries in cyberspace. NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) issued a statement emphasizing the need for enhanced collaborative defense measures among allies to counter transnational cyber threats effectively. “This isn’t just an Italian issue; it’s a collective security challenge that demands coordinated policy responses,” remarked CCDCOE Director Dr. Markus Feldt.
Users and citizens, while removed from the direct confrontation, face indirect consequences when their governments’ digital infrastructures are compromised. Disruptions in public services, erosion of trust in institutions, and potential exposure of personal data are all risks tied to such espionage activities. Cyber hygiene and awareness campaigns gain renewed importance, as does the investment in resilient digital architectures.
Adversaries like DoNot APT exploit the anonymity and complexity of cyberspace to pursue strategic objectives with relative impunity. Their choice to expand operations into Italy may signal a broader ambition to influence or gather intelligence in European political arenas, possibly reflecting shifts in diplomatic priorities or internal directives.
What does this mean for the future of cyber espionage and international security? The DoNot APT case exemplifies how cyber operations transcend borders and challenge traditional notions of warfare and diplomacy. As nations fortify their defenses, the question remains: will the evolving cyber battlefield push states toward greater cooperation—or deeper conflict? In the end, the invisible war waged in code may define the geopolitical landscape of the 21st century more than any treaty or alliance.




