During the last week Yoroi CERT’s analysts uncovered several attacks targeting the italian naval and defence industry. The attacker used email as known propagation vector in order to infect victims by sending a special crafted xls file. The identified attack properties triggered internal defcon escalation in order to assess the threat magnitude and eventually special malware analyses according to the threat.