‘Batavia’ Windows spyware campaign targets dozens of Russian orgs

A new undocumented spyware named ‘Batavia’ has been targeting large Russian industrial enterprises through phishing emails that mimic contractual documents. The campaign, active since July 2023 and intensifying in early 2025, appears related to espionage activities targeting Russia’s industrial sector.

Key points

  • Batavia is a previously undocumented spyware used in targeted phishing campaigns against Russian industries.
  • The attack begins with an email containing a malicious link that, when clicked, downloads a Visual Basic script.
  • The malware collects system information, then exfiltrates data and downloads additional payloads like WebView.exe and javav.exe.
  • The final stage involves a C++ data stealer that targets various file types for comprehensive data theft.
  • Researchers suspect the campaign is an espionage operation aimed at Russia’s industrial activities, with a possible fourth payload still unidentified.

Read More: https://www.bleepingcomputer.com/news/security/batavia-windows-spyware-campaign-targets-dozens-of-russian-orgs/