TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Key Points:
- Proofpoint has revealed a targeted email campaign by the Russian state-sponsored group TA446 that uses the recently leaked DarkSword exploit kit to attack iOS devices, a new capability for the threat actor.
- The campaign involved spoofed "discussion invitation" emails impersonating the Atlantic Council, delivering the GHOSTBLADE dataminer malware via DarkSword, with notable targets including Russian opposition figure Leonid Volkov.
- TA446's use of DarkSword has enabled broader targeting beyond its usual scope, affecting government, think tanks, academia, finance, and legal sectors, likely for credential harvesting and intelligence gathering.
- Apple has issued Lock Screen warnings to users of older iOS versions about web-based attacks linked to DarkSword and urged immediate updates, highlighting the severity and widespread nature of the threat.
- Security experts warn that the public leak of DarkSword on GitHub lowers the barrier for cybercriminals to deploy advanced iOS exploits, challenging the perception that iPhones are largely immune to sophisticated cyberattacks.