The Batavia spyware campaign, active since July 2024, targets Russian industrial enterprises through phishing emails containing malicious links disguised as contract documents. The infection process involves three stages: a VBS script downloader, the WebView.exe spyware, and the javav.exe module. These components collect and exfiltrate various types of files, including system logs, office documents, and screenshots. The malware employs techniques to avoid duplicate file uploads and can download additional payloads. Over 100 users across dozens of organizations have been affected. The campaign highlights the importance of comprehensive cybersecurity measures and employee training to mitigate such threats.