2025/07/08 11:23:09

Batavia (computer virus)

History

2025: Distribution to dozens of Russian industrial enterprises

An unidentified group of cybercriminals is carrying out targeted attacks on Russian industrial and scientific organizations using the previously unknown Batavia spyware. The malware is designed to steal internal documents and confidential information from enterprises. The discovery of the new cyber threat was reported by researchers at Kaspersky Lab JSC on July 7, 2025.

According to the press service of Kaspersky Lab, employees from several dozen companies across the country received malicious emails. Among the affected organizations were shipbuilding, aviation and oil and gas enterprises, as well as design bureaus.

Dozens of Russian industrial enterprises were sent the Batavia virus, which collects all information from computers

The Batavia Trojan was first discovered by the company's specialists in the spring of 2025. The program is malware designed specifically for espionage and consists of a VBA script and two executable files.

A distinctive feature of Batavia is its narrow focus on document theft. The program collects various files found on the victim's computer and connected removable media.

The malware retrieves system logs and lists of installed programs, drivers, and operating system components. The Trojan also accesses emails and office documents in a variety of formats.

Batavia is capable of collecting tables, presentations and other files containing potentially valuable corporate information. The program has additional functionality for performing other illegitimate actions.

The Trojan can install additional malicious software on infected systems. The malware is also capable of taking screenshots to get visual information from workstations.[1]

Notes