In the last days a huge attack campaign hit several organizations across the Italian cyberspace, as stated on bulletin N020219 the attack waves tried to impersonate legit communication from a known Express Courier. However, a deeper analysis by Cybaze-Yoroi ZLAB revealed interesting hidden aspects, spotting a connection between the AZORult toolkit and a particular Gootkit payload.

https://blog.yoroi.company/research/gootkit-unveiling-the-hidden-link-with-azorult/