
ONE Sentinel


DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Source: The Hacker News
March 16, 2026

EXECUTIVE SUMMARY

DRILLAPP Backdoor Exploits Microsoft Edge for Espionage in Ukraine

Summary

The article describes a new cyber espionage campaign targeting Ukrainian entities, attributed to Russian-linked threat actors. The campaign uses a backdoor named DRILLAPP, which abuses Microsoft Edge's debugging feature to operate stealthily.

Key Points

  • The campaign was identified by S2 Grupo's LAB52 threat intelligence team in February 2026.
  • It is believed to be linked to Russian threat actors, specifically Laundry Bear, also known as UAC-0190 or Void Blizzard.
  • The DRILLAPP backdoor is used to target Ukrainian defense forces.
  • The malware abuses Microsoft Edge's debugging capabilities to remain undetected.

Analysis

This campaign highlights the ongoing cyber warfare targeting Ukraine, with sophisticated tactics such as exploiting legitimate software features for malicious purposes. The use of Microsoft Edge's debugging feature by the DRILLAPP backdoor underscores the need for vigilance and advanced threat detection capabilities in environments that may be targeted by state-sponsored actors.

Conclusion

IT professionals should ensure robust security measures are in place, including monitoring for unusual activity in legitimate applications like Microsoft Edge. Regular updates and threat intelligence sharing are crucial to mitigate risks associated with such sophisticated threats.
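
One way to make the Edge monitoring above concrete, as an added example that is not from the article or from LAB52's research: a triage function that flags Edge processes started with a debugging endpoint. It assumes the abuse is visible as Chromium's `--remote-debugging-port` or `--remote-debugging-pipe` switch on the `msedge.exe` command line (the summary does not say how DRILLAPP invokes the feature) and that process-creation events carry Sysmon-style fields; the sample events and the expected-parent list are constructed.

```python
import ntpath
import re

# Chromium switches that open a DevTools (debugging) endpoint on the browser.
DEBUG_SWITCH = re.compile(r"--remote-debugging-(port|pipe)\b", re.I)
HEADLESS_SWITCH = re.compile(r"--headless\b", re.I)
# Parents that normally start Edge interactively (assumption; tune per estate).
EXPECTED_PARENTS = {"explorer.exe", "msedge.exe"}


def flag_edge_debug_launches(events):
    """Return one finding per Edge process started with a debugging endpoint."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != "msedge.exe":
            continue
        match = DEBUG_SWITCH.search(ev["CommandLine"])
        if not match:
            continue
        reasons = ["debug-" + match.group(1).lower()]
        # No visible window plus a debug endpoint is rare for interactive use.
        if HEADLESS_SWITCH.search(ev["CommandLine"]):
            reasons.append("headless")
        parent = ntpath.basename(ev["ParentImage"]).lower()
        if parent not in EXPECTED_PARENTS:
            reasons.append("parent:" + parent)
        findings.append({"pid": ev["ProcessId"], "reasons": reasons})
    return findings


# Constructed sample events (not campaign data), Sysmon Event ID 1 field names.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "Image": EDGE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{EDGE}" --profile-directory=Default'},
    {"ProcessId": 5220, "Image": EDGE, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": f'"{EDGE}" --headless --remote-debugging-port=9222 about:blank'},
    {"ProcessId": 6308, "Image": EDGE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{EDGE}" --remote-debugging-pipe'},
]

if __name__ == "__main__":
    for finding in flag_edge_debug_launches(SAMPLE_EVENTS):
        print(finding)
```

Developer workstations and test-automation agents start Edge with these switches legitimately, so exclude those hosts or accounts before alerting on the output.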