Batavia spyware steals data from Russian organizations
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Batavia spyware campaign, active since July 2024, targets Russian industrial enterprises through phishing emails containing malicious links disguised as contract documents. The infection process involves three stages: a VBS script downloader, the WebView.exe spyware, and the javav.exe module. These components collect and exfiltrate various types of files, including system logs, office documents, and screenshots. The malware employs techniques to avoid duplicate file uploads and can download additional payloads. Over 100 users across dozens of organizations have been affected. The campaign highlights the importance of comprehensive cybersecurity measures and employee training to mitigate such threats.
OPENCTI LABELS:
phishing, spyware, uac bypass, vbs script, multi-stage infection, webview.exe, batavia, javav.exe