A Russian state-linked threat actor, Laundry Bear (also tracked as UAC-0190 and Void Blizzard), conducted a targeted espionage campaign against Ukrainian government entities in February 2025, deploying a JavaScript backdoor called DRILLAPP. The malware runs inside Microsoft Edge in headless mode, a trusted and commonly allowlisted process, enabling covert access to cameras, microphones, screens, and the file system without triggering standard endpoint alerts. Organizations with remote workers, diplomatic missions, or operational ties to Ukraine face elevated risk of silent credential and data exfiltration through this technique.
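One way to hunt for the technique described above, as an added example that is not from the original report: it checks process-creation events for Edge started headless together with Chromium switches that suppress permission prompts or weaken isolation. The switch list, the parent-process baseline, the field names and the sample events are assumptions constructed for illustration; the page does not state the command line DRILLAPP uses.

```python
import ntpath
import re

# Chromium switches that suppress permission prompts or weaken isolation.
# Assumption: generic hunting list, not DRILLAPP's confirmed command line.
RISKY = {
    "--use-fake-ui-for-media-stream": "camera/microphone prompt suppressed",
    "--auto-select-screen-capture-source": "screen capture auto-approved",
    "--allow-file-access-from-files": "file:// pages may read local files",
    "--disable-web-security": "same-origin policy disabled",
}
# Parents that normally start Edge (assumed baseline; tune per fleet).
EXPECTED_PARENTS = {"explorer.exe", "msedge.exe"}
# A switch must start a token, so "--" inside a URL or path is ignored.
SWITCH = re.compile(r'(?<!\S)(--[a-z0-9-]+)(?:=("[^"]*"|\S*))?', re.I)

def switches(cmdline):
    """Return {switch: value} for every --switch on a command line."""
    return {m.group(1).lower(): m.group(2) or "" for m in SWITCH.finditer(cmdline)}

def assess(event):
    """Return findings for one process-creation event; empty list means no alert."""
    if ntpath.basename(event["image"]).lower() != "msedge.exe":
        return []
    sw = switches(event["command_line"])
    if "--headless" not in sw:
        return []
    findings = ["headless Edge"]
    findings += [why for flag, why in RISKY.items() if flag in sw]
    parent = ntpath.basename(event["parent_image"]).lower()
    if parent not in EXPECTED_PARENTS:
        findings.append(f"unusual parent {parent}")
    # Headless alone is common (PDF printing, test automation): need a second signal.
    return findings if len(findings) > 1 else []

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Constructed sample events (shaped like Sysmon Event ID 1 fields), not real telemetry.
EVENTS = [
    {"image": EDGE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{EDGE}" --profile-directory=Default'},
    {"image": EDGE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{EDGE}" --headless --print-to-pdf=C:\\out.pdf https://example.com'},
    {"image": EDGE, "parent_image": r"C:\Windows\System32\powershell.exe",
     "command_line": f'"{EDGE}" --headless=new --use-fake-ui-for-media-stream '
                     "--allow-file-access-from-files file:///C:/Users/Public/page.html"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(assess(ev) or "ok")
```
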