Laundry Bear (assessed Russian-attributed, moderate-to-high confidence; T3-dominant sourcing) is targeting Ukrainian government organizations with DRILLAPP, a JavaScript backdoor that weaponizes Microsoft Edge’s legitimate Chrome DevTools Protocol debugging infrastructure to achieve screen capture, audio recording, file exfiltration, and webcam access without exploiting any browser vulnerability — meaning no CVE exists and standard AV signatures are largely ineffective. Organizations with operational ties to Ukraine or sectors of Russian intelligence interest should immediately block or restrict Edge’s remote debugging port (localhost:9222) via Group Policy, hunt EDR telemetry for Edge processes launched with ‘–remote-debugging-port’ or ‘–headless’ flags, and monitor for mshta.exe executing remotely sourced HTA payloads. Attribution and IOC details should be cross-referenced against CERT-UA and Microsoft MSTIC advisories before operationalizing.