Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads

· Published 09/07/2025 03:05 · Modified 13/07/2025 10:03

Essential information

Tags
2025-07-09 batavia c++ malware data exfiltration delphi executable evasion tactics multi-stage attack persistence mechanisms phishing russian targets spyware vbs scripts
Related entities
2 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware, 2 others

Description

An unidentified called has been targeting Russian industrial organizations since July 2024 through a sophisticated operation. The campaign uses bait emails disguised as contract agreements to trick employees into downloading malicious scripts, initiating a multi-stage infection process. The 's ultimate goal is to exfiltrate sensitive internal documents and system data. The attack involves multiple stages, including downloading encrypted , executing Delphi-written executables, and deploying C++-based malware for expanded data theft. employs advanced and , making it a significant threat to organizational security. The campaign remains active, with potential for further damage due to its ability to download additional payloads.

External references