Ukrainian entities are currently facing a cyberattack campaign involving a new JavaScript-based backdoor called DRILLAPP. Attributed to the Russia-linked threat actor Laundry Bear (UAC-0190), the campaign utilizes Microsoft Edge in headless mode to bypass security restrictions. The attack chain typically starts with judicial or charity-themed lures delivered via LNK files or Control Panel modules to establish persistence within the victim's environment.
DRILLAPP leverages the Chrome DevTools Protocol (CDP) to facilitate file system access and media capture without user interaction. By running the browser with specific debugging parameters, the malware can record audio, video, and screen content while performing recursive file enumeration. It uses Pastefy as a dead drop resolver for command-and-control communication, indicating a sophisticated attempt to blend into legitimate network traffic and evade detection.
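As an added example (not code from the report or from the malware), a small Python triage check over constructed Windows process-creation events that flags the launch pattern described above: msedge.exe started headless together with a remote-debugging switch, or with a debugging switch from an unusual parent such as rundll32.exe (how Control Panel modules are run). The report does not name the exact parameters DRILLAPP passes; the flag names, parent list and sample command lines below are assumptions built on the standard Chromium switches.

```python
import re

# Constructed sample events (Sysmon-style process creation); command lines
# are made up for illustration and are not taken from the report.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\...\msedge.exe" --profile-directory=Default'},
    {"pid": 5208, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent_image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'"C:\...\msedge.exe" --headless=new --remote-debugging-port=9222 --disable-gpu'},
    {"pid": 6000, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\...\msedge.exe" --remote-debugging-pipe --headless'},
]

BROWSER_IMAGES = {"msedge.exe"}
HEADLESS_FLAGS = {"--headless"}
# Standard Chromium switches that expose the DevTools Protocol (assumption:
# the report only says "specific debugging parameters").
DEBUG_FLAGS = {"--remote-debugging-port", "--remote-debugging-pipe"}
# Parents that rarely launch a browser legitimately; rundll32.exe covers
# Control Panel modules, the others cover LNK-launched scripts (assumption).
SUSPICIOUS_PARENTS = {"rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_flags(cmdline):
    # Collect "--switch" names only, dropping any "=value" part.
    return set(re.findall(r"--[a-z0-9-]+", cmdline.lower()))


def score_event(ev):
    # Return the list of reasons an Edge launch looks like the DRILLAPP pattern.
    flags = parse_flags(ev["cmdline"])
    reasons = []
    if flags & HEADLESS_FLAGS:
        reasons.append("headless")
    if flags & DEBUG_FLAGS:
        reasons.append("cdp-remote-debugging")
    parent = basename(ev["parent_image"])
    if parent in SUSPICIOUS_PARENTS:
        reasons.append("parent=" + parent)
    return reasons


def detect(events):
    # Alert on debugging enabled together with headless mode, or debugging
    # from a suspicious parent; a plain interactive Edge start is ignored.
    alerts = []
    for ev in events:
        if basename(ev["image"]) not in BROWSER_IMAGES:
            continue
        reasons = score_event(ev)
        if "cdp-remote-debugging" in reasons and (
                "headless" in reasons or any(r.startswith("parent=") for r in reasons)):
            alerts.append((ev["pid"], reasons))
    return alerts
```

Feed it real process-creation events with the same field names to triage Edge launches; tune the parent list to what is normal in your environment.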