Multiple nation-state threat operations and commercial spyware vendors have leveraged the new DarkSword iOS exploit kit, which features half a dozen vulnerabilities reported by iVerify to impact nearly 300 million iPhones, in attacks over the last five months, according to SecurityWeek.After being tapped by the UNC6748 hacking operation to compromise Saudi Arabian users with the Ghostknife malware in November, DarkSword whose infrastructure resembles the recently discovered Coruna exploit kit was used by Russian state-sponsored cyberespionage operation UNC6353 to target Ukraine with the GhostBlade information-stealing malware in December, a report from Google revealed. Moreover, PARS Defense, a commercial surveillance vendor, exploited DarkSword to spread the GhostSaber backdoor in attacks against Turkey and Malaysia in November and January, respectively.Lookout researchers noted that DarkSword's attack chains involved the targeting of WebConnect process JIT issues, tracked as CVE-2025-31277 and CVE-2025-43529, as well as the CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520 flaws, which conclude with the injection of an advanced payload with comprehensive information-stealing capabilities.
Threat Intelligence, Vulnerability Management, Patch/Configuration Management
Attacks with sophisticated DarkSword iOS exploit kit underway

(Photo by Jakub Porzycki/NurPhoto via Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



