
Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

An unidentified spyware called Batavia has been targeting Russian industrial organizations since July 2024 through a sophisticated phishing operation. The campaign uses bait emails disguised as contract agreements to trick employees into downloading malicious scripts, initiating a multi-stage infection process. The spyware's ultimate goal is to exfiltrate sensitive internal documents and system data. The attack involves multiple stages, including downloading encrypted VBS scripts, executing Delphi-written executables, and deploying C++-based malware for expanded data theft. Batavia employs advanced evasion tactics and persistence mechanisms, making it a significant threat to organizational security. The campaign remains active, with potential for further damage due to its ability to download additional payloads.

OPENCTI LABELS:

phishing, data exfiltration, spyware, evasion tactics, multi-stage attack, batavia, c++ malware, persistence mechanisms, russian targets, vbs scripts, delphi executable

