Scworld
Russia-Linked DRILLAPP Backdoor Targets Ukrainian Entities via Microsoft Edge
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new cyberespionage campaign has been identified, targeting Ukrainian organizations with a backdoor named DRILLAPP, attributed to Russian threat actors, specifically the Laundry Bear group. The campaign employs judicial- and charity-themed lures to deliver the malware, which operates through the Microsoft Edge browser. The initial variant, detected in early February 2026, utilized LNK files to execute an HTML Application that loaded a remote script. A second variant, observed later in February, switched to using CPL files, enhancing its capabilities to include batch file uploading and recursive file listing. The backdoor can access local files, the microphone, and the webcam, indicating a significant threat to privacy and data security. The campaign is ongoing, with researchers noting its early development stage and potential for further evolution. The attacks are part of a broader pattern of cyber operations targeting Ukrainian entities since 2024.
Key Points: • DRILLAPP backdoor targets Ukrainian entities using Microsoft Edge for stealth. • Two variants of the malware have been identified, with increasing capabilities. • The campaign is linked to the Russian Laundry Bear APT group, indicating state-sponsored activity.