Attack On Maritime & Defense Manufacturing
Essential information
- Published: 15/11/2024 18:35
- Modified: 18/11/2024 21:03
- Tags: 2024-11-15 apt defense encryption lnk file manufacturing maritime pakistan persistence powershell stager
- Related entities: 1 intrusion set (apt), 10 techniques (mitre), 3 others
Description
The DONOT APT group has launched a campaign targeting Pakistan's manufacturing industry supporting the maritime and defense sectors. The attack uses a malicious LNK file disguised as an RTF document; when opened, it executes PowerShell commands that drop a lure document and a stager. The stager establishes persistence through scheduled tasks, communicates with its command and control servers over encrypted channels, and can download additional payloads. The campaign shows an evolution in tactics, including improved encryption and payload delivery methods. The attackers collect detailed system information from victims, and the malware can delete itself if instructed. This operation demonstrates the increasing sophistication of APT campaigns and the need for enhanced cybersecurity measures.
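The first stage described above, a shortcut that looks like an RTF but launches PowerShell, can be triaged directly from the shortcut file's contents rather than from its icon or name alone. The following is an added example written for this page, not code from the report or from the DONOT campaign: it parses the fixed header and StringData sections of the Windows shell link format (MS-SHLLINK) to recover the relative path, arguments and icon location, then scores the file on a document-style double extension, a PowerShell target, and launch arguments commonly seen in lure shortcuts. The sample shortcut, its file name and its command line are constructed here for illustration; they are not indicators from the campaign, and the embedded command only starts Notepad.

```python
"""Triage Windows shortcut (.lnk) files for a lure pattern: a shortcut posing
as a document (e.g. name.rtf.lnk) whose target is PowerShell.

Added example for this page; the sample below is constructed, not a real IoC.
"""
import re
import struct

# MS-SHLLINK LinkFlags bits used by this parser.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in on-disk (little-endian GUID) layout.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# StringData sections appear in this fixed order when their flag is set.
STRING_SECTIONS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Parse the ShellLinkHeader and StringData of a .lnk file.

    LinkTargetIDList and LinkInfo are skipped by their size fields; ExtraData
    after the strings is ignored. Returns the flags and whichever strings exist.
    """
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize or LinkCLSID)")
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    info = {"flags": flags}
    for flag, name in STRING_SECTIONS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, pos)  # CountCharacters
        pos += 2
        if flags & IS_UNICODE:
            info[name] = data[pos:pos + count * 2].decode("utf-16-le")
            pos += count * 2
        else:
            info[name] = data[pos:pos + count].decode("latin-1")
            pos += count
    return info


# Heuristics for the lure pattern; labels are this example's own names.
DOC_DOUBLE_EXT = re.compile(r"\.(rtf|docx?|pdf|xlsx?|txt)\.lnk$", re.IGNORECASE)
SUSPICIOUS_ARGS = (
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.IGNORECASE)),
    ("no_profile", re.compile(r"-nop(rofile)?\b", re.IGNORECASE)),
    ("bypass_policy", re.compile(r"-(ep|executionpolicy)\s+bypass", re.IGNORECASE)),
    ("encoded_command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)),
    ("download", re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.IGNORECASE)),
)


def triage_lnk(filename: str, data: bytes) -> dict:
    """Score one shortcut: document-looking name, PowerShell target, risky arguments.

    Two or more findings marks the file suspicious; the parsed strings are
    returned so an analyst can see what the shortcut would actually run.
    """
    info = parse_lnk(data)
    findings = []
    if DOC_DOUBLE_EXT.search(filename):
        findings.append("double_extension")
    target = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    if "powershell" in target or "pwsh" in target:
        findings.append("powershell_target")
    for label, pattern in SUSPICIOUS_ARGS:
        if pattern.search(info.get("arguments", "")):
            findings.append(label)
    return {"filename": filename, "findings": findings, "suspicious": len(findings) >= 2,
            **{k: v for k, v in info.items() if k != "flags"}}


def build_lnk(relative_path: str, arguments: str, icon_location: str = "") -> bytes:
    """Build a minimal constructed .lnk (header + StringData only) as sample input."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    if icon_location:
        flags |= HAS_ICON_LOCATION
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))  # remaining header fields zeroed

    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + s(relative_path) + s(arguments) + (s(icon_location) if icon_location else b"")


# Constructed sample (not an indicator from the campaign): RTF-looking name, PowerShell
# target, lure-style switches, and a harmless command so the sample itself is inert.
SAMPLE_NAME = "Tender_Notice.rtf.lnk"
SAMPLE_LNK = build_lnk(
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    arguments='-nop -w hidden -ep bypass -c "Start-Process notepad.exe"',
    icon_location=r"%SystemRoot%\system32\wordpad.exe",
)
BENIGN_LNK = build_lnk(relative_path=r"..\Documents\report.rtf", arguments="")

if __name__ == "__main__":
    for name, blob in ((SAMPLE_NAME, SAMPLE_LNK), ("report.lnk", BENIGN_LNK)):
        print(triage_lnk(name, blob))
```

The parser deliberately stops after StringData, which is enough for this check; a fuller triage would also walk the LinkTargetIDList for the resolved target path, since a shortcut can omit RelativePath and carry its target only there. Run over a directory of attachments, the `findings` list gives an analyst the reason for each hit rather than a bare verdict.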