VERY IMPORTANT

An unidentified spyware called Batavia has been targeting Russian industrial organizations since July 2024 through a sophisticated phishing operation. The campaign uses bait emails disguised as contract agreements to trick employees into downloading malicious scripts, initiating a multi-stage infection process. The spyware's ultimate goal is to exfiltrate sensitive internal documents and system data. The attack involves multiple stages, including downloading encrypted VBS scripts, executing Delphi-written executables, and deploying C++-based malware for expanded data theft. Batavia employs advanced evasion tactics and persistence mechanisms, making it a significant threat to organizational security. The campaign remains active, with potential for further damage due to its ability to download additional payloads.