New backdoor targeting Ukrainian entities with possible links to Laundry Bear

A new campaign targeting Ukrainian entities has been identified, attributed to actors linked to Russia. The campaign uses judicial and charity-themed lures to deploy a JavaScript-based backdoor called DRILLAPP, which runs through the Edge browser. This backdoor enables various actions including file manipulation, microphone access, and webcam capture. Two variants of the campaign have been observed, with the second variant introducing additional capabilities. The attackers utilize the browser's capabilities to evade detection and gain access to sensitive resources. The campaign shares tactics with a previously reported Laundry Bear operation, leading to a low-confidence attribution to this group.

Pulse ID: 69b934921c208cec80c35f6c
Pulse Link: https://otx.alienvault.com/pulse/69b934921c208cec80c35f6c
Pulse Author: AlienVault
Created: 2026-03-17 11:01:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #Edge #ICS #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #RAT #RCE #Russia #UK #Ukr #Ukrainian #bot #AlienVault