DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Summary
A new backdoor malware dubbed DRILLAPP is targeting Ukrainian entities in a sophisticated espionage campaign. Threat actors, potentially linked to Russia, are leveraging Microsoft Edge debugging features to maintain stealth and evade detection.
IFF Assessment
FOE
This is bad news for defenders because it reveals new, sophisticated malware and an attack technique being used in an ongoing geopolitical conflict.
Defender Context
Defenders should be aware of DRILLAPP and similar advanced persistent threats (APTs) targeting Ukrainian entities, as well as the use of legitimate debugging tools for malicious purposes. Monitoring for unusual network activity and endpoint behavior, especially related to browser processes, will be crucial.
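As an added example (not taken from the original report), the sketch below shows one way to triage browser process launches for exposed debugging. It assumes the debugging feature is reached through Chromium's remote-debugging command-line switches, which this summary does not specify; the parent allowlist and sample events are constructed.

```python
import re

# Chromium command-line switches that open the DevTools debugging interface.
DEBUG_SWITCHES = ("--remote-debugging-port", "--remote-debugging-pipe")
# Assumed allowlist of parents that normally start Edge; tune it per environment.
EXPECTED_PARENTS = {"explorer.exe", "msedge.exe"}
SWITCH_RE = re.compile(r'(?<!\S)(--[A-Za-z0-9-]+)(?:=("[^"]*"|\S*))?')

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def assess(event):
    """Return the reasons a process-creation event deserves triage (empty list if none)."""
    if basename(event["image"]) != "msedge.exe":
        return []
    sw = {name.lower(): value.strip('"')
          for name, value in SWITCH_RE.findall(event["command_line"])}
    exposed = [s for s in DEBUG_SWITCHES if s in sw]
    if not exposed:
        return []
    reasons = ["debugging interface enabled: " + ", ".join(exposed)]
    if "--headless" in sw:
        reasons.append("headless, so no window is shown to the user")
    parent = basename(event["parent_image"])
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected parent process: " + parent)
    return reasons

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Constructed sample events, shaped like process-creation log fields.
EVENTS = [
    {"image": EDGE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{EDGE}" --profile-directory=Default'},
    {"image": EDGE, "parent_image": r"C:\Tools\ide.exe",
     "command_line": f'"{EDGE}" --remote-debugging-port=9222'},
    {"image": EDGE, "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": f'"{EDGE}" --headless --remote-debugging-port=9222 '
                     r'--user-data-dir="C:\Users\Public\cache dir"'},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(basename(ev["parent_image"]), "->", assess(ev) or "ok")
```

The second sample event stands in for a legitimate developer workflow, which is why the reasons are returned for triage rather than treated as a verdict.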