Russian organizations are targeted by a new campaign delivering the Windows spyware Batavia, which steals internal documents and system information. The attack involves bait emails, malicious scripts, and multi-stage payloads to exfiltrate sensitive data. #Batavia #OblastRu #NordDragonScan #Phishing
Key points
- The campaign uses bait emails disguised as contract signings sent from "oblast-ru[.]com".
- Batavia spyware collects system logs, documents, screenshots, and data from removable devices.
- The malware employs a multi-stage payload process involving Visual Basic scripts and Delphi executables.
- Over 100 users across multiple organizations have received targeted phishing emails over the past year.
- Another threat, NordDragonScan, exfiltrates documents, profiles, and Chrome/Firefox data via malicious HTA files.
Read More: https://thehackernews.com/2025/07/researchers-uncover-batavia-windows.html